Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Adding fix to ignore self-signed certificates verification #2812

Merged
merged 3 commits into from
Sep 24, 2024
Merged

Adding fix to ignore self-signed certificates verification #2812

merged 3 commits into from
Sep 24, 2024

Conversation

vinothsa4891
Copy link
Contributor

Adding fix to ignore self-signed certificates verification

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Aug 25, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@vinothsa4891 vinothsa4891 mentioned this pull request Aug 25, 2024
Closed
@vinothsa4891 vinothsa4891 force-pushed the bugfix/support-reject-unauthorized branch from c44f165 to ca9f8c7 Compare August 25, 2024 11:40
@vinothsa4891
Copy link
Contributor Author

#2811

@murgatroid99
Copy link
Member

In the referenced issue, you mention that the Go implementation accomplishes this with a TLS credentials option. I think we should take the same approach in Node, rather than introducing a new channel option. Both credentials.createSsl and credetials.createFromSecureContext have a verifyOptions argument that this option would fit in.

@vinothsa4891
Copy link
Contributor Author

I tried with verifyOptions checkServerIdentity: () => null, but with this, I was able to disable only the hostname/CN name verification. I'm still getting error for self signed certificate. I see only rejectUnauthorized: false to bypass the verification of self-signed certificates and allows the client to make SSL requests without validating the server’s SSL certificate @murgatroid99

@murgatroid99
Copy link
Member

I am suggesting that instead of adding a channel option, we add a field to verifyOptions called rejectUnauthorized that gets passed along to the connection options.

@vinothsa4891
Copy link
Contributor Author

vinothsa4891 commented Sep 19, 2024
edited
Loading

@murgatroid99 - Yes, made changes. could you please now check ?

@murgatroid99 murgatroid99 merged commit 3c9436b into grpc:master Sep 24, 2024
4 of 5 checks passed
@darnley darnley mentioned this pull request Sep 26, 2024
Closed
1 task
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@murgatroid99 murgatroid99 murgatroid99 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vinothsa4891 @murgatroid99 @kokoro-team