Skip to content
This repository has been archived by the owner on Aug 30, 2023. It is now read-only.

No way to disable SSL verification #169

Open
mavidser opened this issue Feb 8, 2018 · 8 comments
Open

No way to disable SSL verification #169

mavidser opened this issue Feb 8, 2018 · 8 comments
Labels
Status: In Progress Type: Improvement

Comments

@mavidser
Copy link

mavidser commented Feb 8, 2018

Title says it all.

What'd be the best way to go ahead with implementing the solution?
One way's to implement a DisableSSLValidation() on the client, or alternatively we can use the ?ssl_verify=0 like the python client uses. Thoughts?

Maybe we can implement supplying our own CertPool in the future too.
@negbie
Copy link

negbie commented Mar 15, 2018

+1

1 similar comment
@B-iggy
Copy link

B-iggy commented Mar 16, 2018

+1

@subvillion
Copy link

AGRRHHH!
I spent hours to understood, why nothing worked. The stupidest thing with the SSL error - I can't see this error!!!
I used https://github.com/evalphobia/logrus_sentry and only that save my mental

Failed to fire hook: Post https://sentry-xxx.ru/api/284/store/: x509: certificate signed by unknown authority
ERRO[0000] test

@subvillion
Copy link

Quick fix: add InsecureSkipVerify: true to client.go newTransport func

func newTransport() Transport {
	t := &HTTPTransport{}
	rootCAs, err := gocertifi.CACerts()
	if err != nil {
		log.Println("raven: failed to load root TLS certificates:", err)
	} else {
		t.Client = &http.Client{
			Transport: &http.Transport{
				Proxy:           http.ProxyFromEnvironment,
				TLSClientConfig: &tls.Config{RootCAs: rootCAs, InsecureSkipVerify: true},
			},
		}
	}
	return t
}

@negbie
Copy link

negbie commented Dec 6, 2018
edited
Loading

@subvillion mby you should add
func (client *Client) SetSSLVerify(verify bool) error {
.....
}
and add some additional logic to make this configurable. Then you could do a pull request.

@mavidser mavidser mentioned this issue Dec 6, 2018
Closed
@mavidser
Copy link
Author

mavidser commented Dec 6, 2018
edited
Loading

@subvillion Can you test out #221 - [branch] ? It adds a SetSSLVerification method for disabling SSL verification.

Unfortunately I'm unable to verify it for a few days.

@subvillion
Copy link

@mavidser - thx, just works!

sentry, _ := raven.New("https://xxx@domain/8848")
sentry.SetSSLVerification(false)
sentry.CaptureMessageAndWait("myMSG")

@mavidser
Copy link
Author

mavidser commented Dec 7, 2018
edited
Loading

ack, verified! thanks!

btw, if anyone wants to disable verification without forking raven, here's how I do it currently (until linked the PR is merged):

client, _ := raven.New("https://xxx@domain/id")
// use raven.DefaultClient instead of client if using the package directly
client.Transport = &raven.HTTPTransport{
	Client: &http.Client{
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	},
}

@mattrobenolt mattrobenolt mentioned this issue Dec 7, 2018
Open
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
Status: In Progress Type: Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@subvillion @kamilogorek @mavidser @B-iggy @negbie