spring-cloud/spring-cloud-gateway

Add a way to disable ProxyExchange hostname verification

Open

#346 创建于 2018年6月3日

在 GitHub 查看
 (2 评论) (0 反应) (0 负责人)Java (3,204 fork)batch import
enhancementhelp wanted

仓库指标

Star
 (4,284 star)
PR 合并指标
 (平均合并 1天 21小时) (30 天内合并 18 个 PR)

描述

I'm attempting to use gateway to bypass a load balancer and proxy a prometheus scrape request. I'm hitting an IP address directly, and setting the host header that the server is expecting.

This causes ssl issues.

I attempted to set spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager=true which got me past the initial error, but it now fails hostname verification:

  Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 1.2.3.4 found
     at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) ~[na:1.8.0_162]
     at sun.security.util.HostnameChecker.match(HostnameChecker.java:94) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_162]
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_162]
     at org.cloudfoundry.security.FileWatchingX509ExtendedTrustManager.checkServerTrusted(FileWatchingX509ExtendedTrustManager.java:73) ~[container_security_provider-1.11.0_RELEASE.jar:1.11.0.RELEASE]

贡献者指南