Commit b762d99a authored by Jonah Husson's avatar Jonah Husson

Properly set server name, don't use insecureskipverify

parent a667162c
3 merge requests!39Merge release into master,!34Update to use modified client, add params for relevant options, enable use of tls with web conn,!32Project/channels
......@@ -11,6 +11,7 @@ package connect
import (
"crypto/tls"
"crypto/x509"
"github.com/golang/protobuf/ptypes/any"
"github.com/improbable-eng/grpc-web/go/grpcweb"
"github.com/pkg/errors"
......@@ -18,6 +19,7 @@ import (
jww "github.com/spf13/jwalterweatherman"
"gitlab.com/xx_network/comms/connect/token"
"gitlab.com/xx_network/crypto/signature/rsa"
tlsCreds "gitlab.com/xx_network/crypto/tls"
"gitlab.com/xx_network/primitives/id"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
......@@ -242,13 +244,16 @@ func (c *ProtoComms) ServeWithWeb() {
// Configure tls for this listener, using the config from http.ServeTLS
tlsConf := &tls.Config{}
tlsConf.NextProtos = append(tlsConf.NextProtos, "h2", "http/1.1")
tlsConf.Certificates = make([]tls.Certificate, 1)
// Our internal certificates may not pass standard verification
tlsConf.InsecureSkipVerify = true
//tlsConf.VerifyPeerCertificate = func(rawCerts [][]byte,
// verifiedChains [][]*x509.Certificate) error {
//}
var err error
var cert *x509.Certificate
cert, err = tlsCreds.LoadCertificate(string(c.pubKeyPem))
if err != nil {
jww.FATAL.Panicf("failed to load tls certificate: %+v", err)
}
tlsConf.ServerName = cert.DNSNames[0]
tlsConf.Certificates = make([]tls.Certificate, 1)
tlsConf.Certificates[0], err = tls.X509KeyPair(c.pubKeyPem, rsa.CreatePrivateKeyPem(c.privateKey))
if err != nil {
jww.FATAL.Panicf("Failed to load tls key: %+v", err)
......
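Review bot: `tlsConf.ServerName = cert.DNSNames[0]` in ServeWithWeb indexes the certificate's DNS SANs without checking that the slice is non-empty, so a certificate without DNS names would panic with an index-out-of-range error instead of a descriptive FATAL message like the neighbouring error paths. A guard before the assignment would cover it: `if len(cert.DNSNames) == 0 { jww.FATAL.Panicf("tls certificate has no DNS names") }`. Separately, this config is built for a listener, and crypto/tls documents both `ServerName` and `InsecureSkipVerify` as fields that govern how a client verifies the server, so neither the removed line nor the new assignment appears to change what the server enforces. If that holds, the hostname check has to be confirmed on the dialing side. ServeWithWeb's body continues outside the hunk, so any later use of `tlsConf` is not visible here.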
......@@ -64,12 +64,12 @@ func (wc *webConn) IsWeb() bool {
// establish a connection past creating the http object.
func (wc *webConn) connectWebHelper() (err error) {
// Configure TLS options
var securityDial grpcweb.DialOption
var securityDial []grpcweb.DialOption
if wc.h.credentials != nil {
securityDial = grpcweb.WithTlsCertificate(wc.h.certificate)
securityDial = []grpcweb.DialOption{grpcweb.WithTlsCertificate(wc.h.certificate)}
} else if TestingOnlyDisableTLS {
jww.WARN.Printf("Connecting to %v without TLS!", wc.h.GetAddress())
securityDial = grpcweb.WithInsecure()
securityDial = []grpcweb.DialOption{grpcweb.WithInsecure()}
} else {
jww.FATAL.Panicf(tlsError)
}
......@@ -97,10 +97,9 @@ func (wc *webConn) connectWebHelper() (err error) {
grpcweb.WithIdleConnTimeout(wc.h.params.WebParams.IdleConnTimeout),
grpcweb.WithExpectContinueTimeout(wc.h.params.WebParams.ExpectContinueTimeout),
grpcweb.WithTlsHandshakeTimeout(wc.h.params.WebParams.TlsHandshakeTimeout),
grpcweb.WithInsecureTlsVerification(),
grpcweb.WithDefaultCallOptions(), // grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
securityDial,
}
dialOpts = append(dialOpts, securityDial...)
//windowSize := atomic.LoadInt32(wc.h.windowSize)
//if windowSize != 0 {
......
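Review bot: With `grpcweb.WithInsecureTlsVerification()` dropped from `dialOpts`, peer verification in connectWebHelper rests entirely on `grpcweb.WithTlsCertificate(wc.h.certificate)`, yet that branch is selected by `wc.h.credentials != nil` rather than by the field it passes. If the two can ever diverge (credentials set, certificate empty), what the client verifies against cannot be determined from this hunk. Either select the branch on the certificate itself or record the invariant next to the check, for example `// h.certificate is always populated whenever h.credentials is set`. A regression test that dials a host presenting a certificate for a different name and expects the connection to fail would pin the behaviour this commit is after. The function starts before and continues after the lines shown.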
......@@ -3,7 +3,7 @@ module gitlab.com/xx_network/comms
go 1.13
require (
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220826174128-b60c76b23331
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829172231-6a5af4b7a0ba
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/golang/protobuf v1.5.2
github.com/improbable-eng/grpc-web v0.15.0
......
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220826174128-b60c76b23331 h1:m7l89iPw7f6DTc8CNQEmKpEBQPgTNgwNGEf4mjp97rI=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220826174128-b60c76b23331/go.mod h1:GrZ4Fy3YfaNe7RLnai+H+jE+fwqFA90tVmYOpKK90Yg=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829163820-1930e163e04e h1:J9dJ/Q1/LhbMZ+y0LNtTjE55XxAlzoiXArJt9JWVtcg=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829163820-1930e163e04e/go.mod h1:GrZ4Fy3YfaNe7RLnai+H+jE+fwqFA90tVmYOpKK90Yg=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829170839-b26469d28933 h1:qq0vqsz9aLxiUMrgQnD0bv8E26vyEYg3wyYb2Eikcyo=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829170839-b26469d28933/go.mod h1:GrZ4Fy3YfaNe7RLnai+H+jE+fwqFA90tVmYOpKK90Yg=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829172231-6a5af4b7a0ba h1:o2ql9gw5UipnFa+7mdcbKIyA+knQ13cuOvB34auPEQ4=
git.xx.network/elixxir/grpc-web-go-client v0.0.0-20220829172231-6a5af4b7a0ba/go.mod h1:GrZ4Fy3YfaNe7RLnai+H+jE+fwqFA90tVmYOpKK90Yg=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
......