fix(tls): Honor client.insecure when doing TLS checks (#547)

* fix(watchdog): Add functions to avoid dangling file descriptors

* Change function name and add comment under core/endpoint.go
- change the function name of CloseHTTPConnection() to Close()
- add some comments above Close() function

* Update core/endpoint.go

* Update core/endpoint.go

* fix(client): Honor client.insecure when doing TLS checking
* add features in client/client.go to enable client.insecure when doing TLS checking

---------

Co-authored-by: Richard Cheng <richard_cheng@trendmicro.com>
Co-authored-by: TwiN <twin@linux.com>
I-HSIN Cheng 2023-08-09 10:17:26 +08:00 committed by GitHub
parent 5f69351b6b
commit 5c5a954b68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -143,14 +143,20 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
// CanPerformTLS checks whether a connection can be established to an address using the TLS protocol // CanPerformTLS checks whether a connection can be established to an address using the TLS protocol
func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) { func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) {
connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, nil) connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, &tls.Config{
InsecureSkipVerify: config.Insecure,
})
if err != nil { if err != nil {
return return
} }
defer connection.Close() defer connection.Close()
verifiedChains := connection.ConnectionState().VerifiedChains verifiedChains := connection.ConnectionState().VerifiedChains
// If config.Insecure is set to true, verifiedChains will be an empty list []
// We should get the parsed certificates from PeerCertificates, it can't be empty on the client side
// Reference: https://pkg.go.dev/crypto/tls#PeerCertificates
if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 { if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
return peerCertificates := connection.ConnectionState().PeerCertificates
return true, peerCertificates[0], nil
} }
return true, verifiedChains[0][0], nil return true, verifiedChains[0][0], nil
} }
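Review bot: The PeerCertificates fallback in the `if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0` branch is taken whenever no verified chain is present, not only when config.Insecure is set, so a handshake that completed without a verified chain for any other reason now reports connected=true with an unverified certificate where the old code returned false. In practice Go's handshake fails when verification is enabled and does not succeed, so the branch is probably only reachable with Insecure, but the code should state that condition, and `peerCertificates[0]` should be length-guarded even though the tls docs promise a non-empty list on the client side. The reordering below keeps the verified path as the default, returns the previous (false, nil, nil) when verification was expected but no chain is present, and indexes PeerCertificates only after a length check. The doc comment on CanPerformTLS should also record the new contract, e.g. `// When config.Insecure is set, certificate verification is skipped and the returned certificate is the unverified leaf presented by the peer.`, so callers know that any check they run on the certificate is against an unvalidated chain.
```go
	// … unchanged: tls.DialWithDialer, error check, defer connection.Close() …
	verifiedChains := connection.ConnectionState().VerifiedChains
	if len(verifiedChains) > 0 && len(verifiedChains[0]) > 0 {
		return true, verifiedChains[0][0], nil
	}
	// No verified chain: only acceptable when verification was deliberately skipped.
	if !config.Insecure {
		return
	}
	// With InsecureSkipVerify the leaf is only available via PeerCertificates and is unverified.
	peerCertificates := connection.ConnectionState().PeerCertificates
	if len(peerCertificates) == 0 {
		return
	}
	return true, peerCertificates[0], nil
```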