spring-cloud/spring-cloud-gateway

Add a way to disable ProxyExchange hostname verification

Open

#346 ouverte le 3 juin 2018

Voir sur GitHub
 (2 commentaires) (0 réactions) (0 assignés)Java (3 204 forks)batch import
enhancementhelp wanted

Métriques du dépôt

Stars
 (4 284 stars)
Métriques de merge PR
 (Merge moyen 1j 21h) (18 PRs mergées en 30 j)

Description

I'm attempting to use gateway to bypass a load balancer and proxy a prometheus scrape request. I'm hitting an IP address directly, and setting the host header that the server is expecting.

This causes ssl issues.

I attempted to set spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager=true which got me past the initial error, but it now fails hostname verification:

  Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 1.2.3.4 found
     at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) ~[na:1.8.0_162]
     at sun.security.util.HostnameChecker.match(HostnameChecker.java:94) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_162]
     at org.cloudfoundry.security.FileWatchingX509ExtendedTrustManager.checkServerTrusted(FileWatchingX509ExtendedTrustManager.java:73) ~[container_security_provider-1.11.0_RELEASE.jar:1.11.0.RELEASE]

Guide contributeur