Merge e2b34fff62ba7c2e642b07e5d00d7525aaab1f03 into 9d5638cae6dfecb10bff7c6d3e52625fe264fee1

feat(plugin): add rootca and tls verify for client http plugins
2025-05-10 17:08:26 +00:00 · 2024-10-18 14:39:03 +08:00 · 2024-09-25 14:42:17 -04:00
3 changed files with 40 additions and 4 deletions
--- a/pkg/config/v1/plugin.go
+++ b/pkg/config/v1/plugin.go
@ -103,6 +103,7 @@ type HTTP2HTTPSPluginOptions struct {
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 	RootCA            string           `json:"rootCA,omitempty"`
 }
 func (o *HTTP2HTTPSPluginOptions) Complete() {}
@ -137,6 +138,7 @@ type HTTPS2HTTPSPluginOptions struct {
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
 	RootCA            string           `json:"rootCA,omitempty"`
 }
 func (o *HTTPS2HTTPSPluginOptions) Complete() {
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@ -19,11 +19,13 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"os"
 	"github.com/fatedier/golib/pool"
@ -53,8 +55,23 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}
-	tr := &http.Transport{
+	tr := &http.Transport{}
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+
 	if opts.RootCA != "" {
 		caCert, err := os.ReadFile(opts.RootCA)
 		if err != nil {
 			return nil, err
 		}
 		caCertPool, err := x509.SystemCertPool()
 		if err != nil {
 			return nil, err
 		}
 		caCertPool.AppendCertsFromPEM(caCert)
 		tr.TLSClientConfig = &tls.Config{
 			RootCAs: caCertPool,
 		}
 	} else {
 		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	rp := &httputil.ReverseProxy{
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@ -19,12 +19,14 @@ package plugin
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"os"
 	"time"
 	"github.com/fatedier/golib/pool"
@ -58,8 +60,23 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		l:    listener,
 	}
-	tr := &http.Transport{
+	tr := &http.Transport{}
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+
 	if opts.RootCA != "" {
 		caCert, err := os.ReadFile(opts.RootCA)
 		if err != nil {
 			return nil, err
 		}
 		caCertPool, err := x509.SystemCertPool()
 		if err != nil {
 			return nil, err
 		}
 		caCertPool.AppendCertsFromPEM(caCert)
 		tr.TLSClientConfig = &tls.Config{
 			RootCAs: caCertPool,
 		}
 	} else {
 		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	rp := &httputil.ReverseProxy{
Author	SHA1	Message	Date
adamwallred	b8a4fbe40b	Merge e2b34fff62ba7c2e642b07e5d00d7525aaab1f03 into 9d5638cae6dfecb10bff7c6d3e52625fe264fee1	2024-10-18 14:39:03 +08:00
Adam Allred	e2b34fff62	feat(plugin): add rootca and tls verify for client http plugins	2024-09-25 14:42:17 -04:00