-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore remote certificate validation errors if accept any configured #1503
Conversation
any chance this gets reviewed? Currently in the same situation of needing to connect to a SignalR endpoint via wss with untrusted selfsigned cert at dev time |
Some updates about this? |
we eventually moved to YARP.. |
@abelevtsov Does YARP has all the features of the Ocelot such as Authentication, Delegation Handler, Header Transform etc? |
We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator not used to skip ClientWebSocket's remote certificate validation. Cherry picked from ThreeMammals#1503
Hey - is this to be fixed? We have the same problem: unable to use SignalR with self-signed dev certificate. |
@abelevtsov Hi Aleksandr! Please note, Ocelot does not support wss-protocol. So, you cannot use WebSocket Secure vs SignalR. |
We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator not used to skip ClientWebSocket's remote certificate validation.
Use simple 'using' statement
Sad to hear about this fact, man! 😢 What is the reason of moving to Yarp? Inability to use self-signed certificates for Web Socket client?! |
Duplicate of #1377 |
Hey, @abelevtsov @zewa666 @thomaschampagne @PratikPatel-Mtech @alexandis |
Fixes / New Feature
We can not use WebSocket SignalR protocol in Ocelot with self-signed certificate on downstream service side because
DownstreamRoute.DangerousAcceptAnyServerCertificateValidator
not used to skipClientWebSocket
's remote certificate validation.Proposed Changes
RemoteCertificateValidationCallback
property of the client to have successful validation result always