Skip to content
This repository has been archived by the owner on Aug 30, 2023. It is now read-only.

No way to disable SSL verification #169

Open
mavidser opened this issue Feb 8, 2018 · 8 comments
Open

No way to disable SSL verification #169

mavidser opened this issue Feb 8, 2018 · 8 comments
Labels
Status: In Progress Type: Improvement

Comments

@mavidser
Copy link

mavidser commented Feb 8, 2018

Title says it all.

What'd be the best way to go ahead with implementing the solution?
One way's to implement a DisableSSLValidation() on the client, or alternatively we can use the ?ssl_verify=0 like the python client uses. Thoughts?

Maybe we can implement supplying our own CertPool in the future too.
@negbie
Copy link

negbie commented Mar 15, 2018

+1

1 similar comment
@B-iggy
Copy link

B-iggy commented Mar 16, 2018

+1

@subvillion
Copy link

AGRRHHH!
I spent hours to understood, why nothing worked. The stupidest thing with the SSL error - I can't see this error!!!
I used https://github.com/evalphobia/logrus_sentry and only that save my mental

Failed to fire hook: Post https://sentry-xxx.ru/api/284/store/: x509: certificate signed by unknown authority
ERRO[0000] test

@subvillion
Copy link

Quick fix: add InsecureSkipVerify: true to client.go newTransport func

func newTransport() Transport {
	t := &HTTPTransport{}
	rootCAs, err := gocertifi.CACerts()
	if err != nil {
		log.Println("raven: failed to load root TLS certificates:", err)
	} else {
		t.Client = &http.Client{
			Transport: &http.Transport{
				Proxy:           http.ProxyFromEnvironment,
				TLSClientConfig: &tls.Config{RootCAs: rootCAs, InsecureSkipVerify: true},
			},
		}
	}
	return t
}

@negbie
Copy link

negbie commented Dec 6, 2018
edited

@subvillion mby you should add
func (client *Client) SetSSLVerify(verify bool) error {
.....
}
and add some additional logic to make this configurable. Then you could do a pull request.

@mavidser mavidser mentioned this issue Dec 6, 2018
Closed
@mavidser
Copy link
Author

mavidser commented Dec 6, 2018
edited

@subvillion Can you test out #221 - [branch] ? It adds a SetSSLVerification method for disabling SSL verification.

Unfortunately I'm unable to verify it for a few days.

@subvillion
Copy link

@mavidser - thx, just works!

sentry, _ := raven.New("https://xxx@domain/8848")
sentry.SetSSLVerification(false)
sentry.CaptureMessageAndWait("myMSG")

@mavidser
Copy link
Author

mavidser commented Dec 7, 2018
edited

ack, verified! thanks!

btw, if anyone wants to disable verification without forking raven, here's how I do it currently (until linked the PR is merged):

client, _ := raven.New("https://xxx@domain/id")
// use raven.DefaultClient instead of client if using the package directly
client.Transport = &raven.HTTPTransport{
	Client: &http.Client{
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	},
}

@mattrobenolt mattrobenolt mentioned this issue Dec 7, 2018
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Status: In Progress Type: Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@subvillion @kamilogorek @mavidser @B-iggy @negbie