spring-cloud/spring-cloud-gateway
在 GitHub 查看Add a way to disable ProxyExchange hostname verification
Open
#346 创建于 2018年6月3日
enhancementhelp wanted
仓库指标
- Star
- (4,284 star)
- PR 合并指标
- (平均合并 1天 21小时) (30 天内合并 18 个 PR)
描述
I'm attempting to use gateway to bypass a load balancer and proxy a prometheus scrape request. I'm hitting an IP address directly, and setting the host header that the server is expecting.
This causes ssl issues.
I attempted to set spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager=true which got me past the initial error, but it now fails hostname verification:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 1.2.3.4 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) ~[na:1.8.0_162]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_162]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_162]
at org.cloudfoundry.security.FileWatchingX509ExtendedTrustManager.checkServerTrusted(FileWatchingX509ExtendedTrustManager.java:73) ~[container_security_provider-1.11.0_RELEASE.jar:1.11.0.RELEASE]