Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore remote certificate validation errors if accept any configured #1503

Closed
wants to merge 2 commits into from
Closed

Conversation

abelevtsov
Copy link

@abelevtsov abelevtsov commented Aug 10, 2021

Fixes / New Feature

We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator not used to skip ClientWebSocket's remote certificate validation.

Proposed Changes

  • Use fake validator and assign it to the RemoteCertificateValidationCallback property of the client to have successful validation result always

@zewa666
Copy link

zewa666 commented Apr 12, 2022

any chance this gets reviewed? Currently in the same situation of needing to connect to a SignalR endpoint via wss with untrusted selfsigned cert at dev time

@thomaschampagne
Copy link

Some updates about this?

@abelevtsov
Copy link
Author

Some updates about this?

we eventually moved to YARP..

@PratikPatel-Mtech
Copy link

@abelevtsov Does YARP has all the features of the Ocelot such as Authentication, Delegation Handler, Header Transform etc?

@abelevtsov
Copy link
Author

abelevtsov commented Sep 16, 2022

stefancruz pushed a commit to stefancruz/Ocelot that referenced this pull request Dec 22, 2022
We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator not used to skip ClientWebSocket's remote certificate validation.


Cherry picked from ThreeMammals#1503
@alexandis
Copy link

Hey - is this to be fixed? We have the same problem: unable to use SignalR with self-signed dev certificate.

@raman-m
Copy link
Member

raman-m commented May 20, 2023

@abelevtsov Hi Aleksandr!
What issue is this PR related to?

Please note, Ocelot does not support wss-protocol. So, you cannot use WebSocket Secure vs SignalR.
Moreover, SignalR is supported only for legacy HTTP1 pairing.
See more here: #1636

@raman-m raman-m self-requested a review May 22, 2023 09:01
Aleksandr Belevtsov and others added 2 commits June 30, 2023 21:33
We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator not used to skip ClientWebSocket's remote certificate validation.
Use simple 'using' statement
@raman-m
Copy link
Member

raman-m commented Aug 25, 2023

@abelevtsov commented on Sep 9, 2022

Sad to hear about this fact, man! 😢

What is the reason of moving to Yarp? Inability to use self-signed certificates for Web Socket client?!
Or is there another reason...

@raman-m raman-m added feature A new feature proposal Proposal for a new functionality in Ocelot needs feedback Issue is waiting on feedback before acceptance labels Aug 25, 2023
@raman-m
Copy link
Member

raman-m commented Aug 25, 2023

Duplicate of #1377

@raman-m
Copy link
Member

raman-m commented Aug 25, 2023

Hey, @abelevtsov @zewa666 @thomaschampagne @PratikPatel-Mtech @alexandis
Please, watch for #1377 and enable notifications.
Going to close this PR...
Hope you will contribute to Ocelot project in coming future. 😉

@raman-m raman-m closed this Aug 25, 2023
@ThreeMammals ThreeMammals deleted a comment from abelevtsov Oct 17, 2023
@ThreeMammals ThreeMammals locked and limited conversation to collaborators Oct 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
feature A new feature needs feedback Issue is waiting on feedback before acceptance proposal Proposal for a new functionality in Ocelot
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants