
No way to disable SSL verification

Open mavidser opened this issue 7 years ago • 8 comments

Title says it all.

What'd be the best way to go ahead with implementing the solution? One way's to implement a DisableSSLValidation() on the client, or alternatively we can use the ?ssl_verify=0 like the python client uses. Thoughts?

Maybe we can implement supplying our own CertPool in the future too.

mavidser avatar Feb 08 '18 14:02 mavidser

+1

negbie avatar Mar 15 '18 14:03 negbie

+1

B-iggy avatar Mar 16 '18 22:03 B-iggy

AGRRHHH! I spent hours trying to understand why nothing worked. The stupidest thing about the SSL error: I can't see this error!!! I used https://github.com/evalphobia/logrus_sentry, and only that saved my sanity.

Failed to fire hook: Post https://sentry-xxx.ru/api/284/store/: x509: certificate signed by unknown authority
ERRO[0000] test

subvillion avatar Dec 06 '18 08:12 subvillion

Quick fix: add InsecureSkipVerify: true to client.go newTransport func

func newTransport() Transport {
	t := &HTTPTransport{}
	rootCAs, err := gocertifi.CACerts()
	if err != nil {
		log.Println("raven: failed to load root TLS certificates:", err)
	} else {
		t.Client = &http.Client{
			Transport: &http.Transport{
				Proxy:           http.ProxyFromEnvironment,
				TLSClientConfig: &tls.Config{RootCAs: rootCAs, InsecureSkipVerify: true},
			},
		}
	}
	return t
}

subvillion avatar Dec 06 '18 11:12 subvillion

@subvillion maybe you should add func (client *Client) SetSSLVerify(verify bool) error { ..... } and add some additional logic to make this configurable. Then you could do a pull request.

negbie avatar Dec 06 '18 11:12 negbie

@subvillion Can you test out #221 - [branch] ? It adds a SetSSLVerification method for disabling SSL verification.

Unfortunately I'm unable to verify it for a few days.

mavidser avatar Dec 06 '18 15:12 mavidser

@mavidser - thx, just works!

sentry, _ := raven.New("https://xxx@domain/8848")
sentry.SetSSLVerification(false)
sentry.CaptureMessageAndWait("myMSG")

subvillion avatar Dec 07 '18 08:12 subvillion

ack, verified! thanks!

btw, if anyone wants to disable verification without forking raven, here's how I do it currently (until the linked PR is merged):

client, _ := raven.New("https://xxx@domain/id")
// use raven.DefaultClient instead of client if using the package directly
client.Transport = &raven.HTTPTransport{
	Client: &http.Client{
		Transport: &http.Transport{
			Proxy:           http.ProxyFromEnvironment,
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	},
}

mavidser avatar Dec 07 '18 12:12 mavidser
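
The opening post also raises supplying a custom CertPool. The sketch below is an added example, not code from raven-go or from anyone in this thread: it uses only the Go standard library to show that alternative, keeping verification on while trusting a private CA. The names clientTrusting, post and demo are hypothetical, and the httptest server is a constructed stand-in for a self-hosted Sentry whose certificate the system roots do not know.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// clientTrusting builds a client that verifies servers against only the CAs in caPEM.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no valid CA certificate found in PEM input")
	}
	return &http.Client{Transport: &http.Transport{
		Proxy:           http.ProxyFromEnvironment,
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}, nil
}

// post sends a small constructed JSON body and reports only the transport error.
func post(c *http.Client, url string) error {
	resp, err := c.Post(url, "application/json", strings.NewReader("{}"))
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo posts to a local TLS server twice: with system roots, then with its CA trusted.
func demo() (defaultErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	pinned, err := clientTrusting(caPEM)
	if err != nil {
		return err, err
	}
	return post(http.DefaultClient, srv.URL), post(pinned, srv.URL)
}

func main() {
	fmt.Println(demo())
}
```

The client returned by clientTrusting can be placed in the Client field of raven.HTTPTransport in the same way as the snippet in the last comment, with the hostname and chain checks still enforced.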