
Ignore remote certificate validation errors if accept any configured

Open abelevtsov opened this issue 2 years ago • 5 comments

We cannot use the WebSocket SignalR protocol in Ocelot with a self-signed certificate on the downstream service side because DownstreamRoute.DangerousAcceptAnyServerCertificateValidator is not used to skip ClientWebSocket's remote certificate validation.

Fixes / New Feature #

Proposed Changes

abelevtsov avatar Aug 10 '21 19:08 abelevtsov

Any chance this gets reviewed? Currently in the same situation of needing to connect to a SignalR endpoint via wss with an untrusted self-signed cert at dev time.

zewa666 avatar Apr 12 '22 08:04 zewa666

Some updates about this?

thomaschampagne avatar Aug 09 '22 08:08 thomaschampagne

Some updates about this?

we eventually moved to YARP..

abelevtsov avatar Sep 09 '22 16:09 abelevtsov

@abelevtsov Does YARP have all the features of Ocelot, such as Authentication, Delegation Handler, Header Transform, etc.?

PratikPatel-Mtech avatar Sep 12 '22 04:09 PratikPatel-Mtech

@PratikPatel-Mtech yes, it has:

  • https://microsoft.github.io/reverse-proxy/articles/authn-authz.html
  • https://microsoft.github.io/reverse-proxy/articles/transforms.html
  • https://microsoft.github.io/reverse-proxy/articles/middleware.html
  • and much more

abelevtsov avatar Sep 16 '22 15:09 abelevtsov

Hey - is this to be fixed? We have the same problem: unable to use SignalR with self-signed dev certificate.

alexandis avatar Feb 07 '23 14:02 alexandis

@abelevtsov Hi Aleksandr! What issue is this PR related to?

Please note, Ocelot does not support wss-protocol. So, you cannot use WebSocket Secure vs SignalR. Moreover, SignalR is supported only for legacy HTTP1 pairing. See more here: #1636

raman-m avatar May 20 '23 18:05 raman-m

@abelevtsov commented on Sep 9, 2022

Sad to hear about this fact, man! 😢

What is the reason for moving to Yarp? Inability to use self-signed certificates for the Web Socket client?! Or is there another reason...

raman-m avatar Aug 25 '23 16:08 raman-m

Duplicate of #1377

raman-m avatar Aug 25 '23 16:08 raman-m

Hey, @abelevtsov @zewa666 @thomaschampagne @PratikPatel-Mtech @alexandis Please watch #1377 and enable notifications. Going to close this PR... Hope you will contribute to the Ocelot project in the coming future. 😉

raman-m avatar Aug 25 '23 16:08 raman-m