fix(tls): Honor client.insecure when doing TLS checks (#547)
* fix(watchdog): Add functions to avoid dangling file descriptors * Change function name and add comment under core/endpoint.go - change the function name of CloseHTTPConnection() to Close() - add some comments above Close() function * Update core/endpoint.go * Update core/endpoint.go * fix(client): Honor client.insecure when doing TLS checking * add features in client/client.go to enable client.insecure when doing TLS checking --------- Co-authored-by: Richard Cheng <richard_cheng@trendmicro.com> Co-authored-by: TwiN <twin@linux.com>
parent
5f69351b6b
commit
5c5a954b68
1 changed files with 8 additions and 2 deletions
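--- a/client/client.go
+++ b/client/client.go
@@ -143,14 +143,20 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 
 // CanPerformTLS checks whether a connection can be established to an address using the TLS protocol
 func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) {
-connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, nil)
+connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, &tls.Config{
+InsecureSkipVerify: config.Insecure,
+})
 if err != nil {
 return
 }
 defer connection.Close()
 verifiedChains := connection.ConnectionState().VerifiedChains
+// If config.Insecure is set to true, verifiedChains will be an empty list []
+// We should get the parsed certificates from PeerCertificates, it can't be empty on the client side
+// Reference: https://pkg.go.dev/crypto/tls#PeerCertificates
 if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
-return
+peerCertificates := connection.ConnectionState().PeerCertificates
+return true, peerCertificates[0], nil
 }
 return true, verifiedChains[0][0], nil
 }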
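Review bot: The fallback to `peerCertificates[0]` is keyed on `verifiedChains` being empty rather than on `config.Insecure`, so the function no longer fails closed if a verified handshake ever yields no chain; before this change that case returned `connected == false`. Gating the fallback explicitly keeps the trust decision visible: put `if config.Insecure { return true, connection.ConnectionState().PeerCertificates[0], nil }` ahead of the empty-chain check and let that check keep its bare `return`. With `InsecureSkipVerify` set, the returned certificate is unauthenticated, so the doc comment on CanPerformTLS should state that the certificate is only chain-verified when `config.Insecure` is false. How callers use the returned certificate is not visible in this hunk.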