spring-cloud/spring-cloud-gateway
在 GitHub 查看Add a way to disable ProxyExchange hostname verification
Open
#346 建立於 2018年6月3日
enhancementhelp wanted
倉庫指標
- Star
- (4,284 star)
- PR 合併指標
- (平均合併 1天 21小時) (30 天內合併 18 個 PR)
描述
I'm attempting to use gateway to bypass a load balancer and proxy a prometheus scrape request. I'm hitting an IP address directly, and setting the host header that the server is expecting.
This causes ssl issues.
I attempted to set spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager=true which got me past the initial error, but it now fails hostname verification:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 1.2.3.4 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) ~[na:1.8.0_162]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_162]
at org.cloudfoundry.security.FileWatchingX509ExtendedTrustManager.checkServerTrusted(FileWatchingX509ExtendedTrustManager.java:73) ~[container_security_provider-1.11.0_RELEASE.jar:1.11.0.RELEASE]