Merge e2b34fff62ba7c2e642b07e5d00d7525aaab1f03 into b14192a8d3bb5b5a844977ea82de9a7d87dbdf06

feat: bump (#4490 )
Co-authored-by: Coder123 <coder123@example.com>
2025-05-08 15:38:27 +00:00 · 2024-10-15 12:55:50 +08:00 · 2024-10-15 10:55:56 +08:00 · 2024-09-25 14:42:17 -04:00
4 changed files with 42 additions and 4 deletions
--- a/Release.md
+++ b/Release.md
@ -1,3 +1,5 @@
 ### Features

 * The frpc visitor command-line parameter adds the `--server-user` option to specify the username of the server-side proxy to connect to.
+
+* Support multiple frpc instances with different subjects when using oidc authentication.
--- a/pkg/config/v1/plugin.go
+++ b/pkg/config/v1/plugin.go
@ -103,6 +103,7 @@ type HTTP2HTTPSPluginOptions struct {
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
+	RootCA            string           `json:"rootCA,omitempty"`
 }

 func (o *HTTP2HTTPSPluginOptions) Complete() {}
@ -137,6 +138,7 @@ type HTTPS2HTTPSPluginOptions struct {
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
+	RootCA            string           `json:"rootCA,omitempty"`
 }

 func (o *HTTPS2HTTPSPluginOptions) Complete() {
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@ -19,11 +19,13 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"os"

 	"github.com/fatedier/golib/pool"

@ -53,8 +55,23 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}

-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	tr := &http.Transport{}
+
+	if opts.RootCA != "" {
+		caCert, err := os.ReadFile(opts.RootCA)
+		if err != nil {
+			return nil, err
+		}
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, err
+		}
+		caCertPool.AppendCertsFromPEM(caCert)
+		tr.TLSClientConfig = &tls.Config{
+			RootCAs: caCertPool,
+		}
+	} else {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}

 	rp := &httputil.ReverseProxy{
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@ -19,12 +19,14 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"os"
 	"time"

 	"github.com/fatedier/golib/pool"
@ -58,8 +60,23 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}

-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	tr := &http.Transport{}
+
+	if opts.RootCA != "" {
+		caCert, err := os.ReadFile(opts.RootCA)
+		if err != nil {
+			return nil, err
+		}
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, err
+		}
+		caCertPool.AppendCertsFromPEM(caCert)
+		tr.TLSClientConfig = &tls.Config{
+			RootCAs: caCertPool,
+		}
+	} else {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}

 	rp := &httputil.ReverseProxy{
Author	SHA1	Message	Date
adamwallred	18c56dcc9a	Merge e2b34fff62ba7c2e642b07e5d00d7525aaab1f03 into b14192a8d3bb5b5a844977ea82de9a7d87dbdf06	2024-10-15 12:55:50 +08:00
0x7fff	b14192a8d3	feat: bump (#4490 ) Co-authored-by: Coder123 <coder123@example.com>	2024-10-15 10:55:56 +08:00
Adam Allred	e2b34fff62	feat(plugin): add rootca and tls verify for client http plugins	2024-09-25 14:42:17 -04:00