search

getsentry / raven-go

Sentry client in Go
https://sentry.io
BSD 3-Clause "New" or "Revised" License
561 stars 148 forks source link

No way to disable SSL verification #169

Open mavidser opened 6 years ago

mavidser commented 6 years ago

Title says it all.

What'd be the best way to go ahead with implementing the solution? One way's to implement a DisableSSLValidation() on the client, or alternatively we can use the ?ssl_verify=0 like the python client uses. Thoughts?

Maybe we can implement supplying our own CertPool in the future too.

negbie commented 6 years ago

+1

B-iggy commented 6 years ago

+1

subvillion commented 5 years ago

AGRRHHH! I spent hours to understood, why nothing worked. The stupidest thing with the SSL error - I can't see this error!!! I used https://github.com/evalphobia/logrus_sentry and only that save my mental

Failed to fire hook: Post https://sentry-xxx.ru/api/284/store/: x509: certificate signed by unknown authority
ERRO[0000] test
subvillion commented 5 years ago

Quick fix: add InsecureSkipVerify: true to client.go newTransport func

func newTransport() Transport {
    t := &HTTPTransport{}
    rootCAs, err := gocertifi.CACerts()
    if err != nil {
        log.Println("raven: failed to load root TLS certificates:", err)
    } else {
        t.Client = &http.Client{
            Transport: &http.Transport{
                Proxy:           http.ProxyFromEnvironment,
                TLSClientConfig: &tls.Config{RootCAs: rootCAs, InsecureSkipVerify: true},
            },
        }
    }
    return t
}
negbie commented 5 years ago

@subvillion mby you should add func (client *Client) SetSSLVerify(verify bool) error { ..... } and add some additional logic to make this configurable. Then you could do a pull request.

mavidser commented 5 years ago

@subvillion Can you test out #221 - [branch] ? It adds a SetSSLVerification method for disabling SSL verification.

Unfortunately I'm unable to verify it for a few days.

subvillion commented 5 years ago

@mavidser - thx, just works!

sentry, _ := raven.New("https://xxx@domain/8848")
sentry.SetSSLVerification(false)
sentry.CaptureMessageAndWait("myMSG")
mavidser commented 5 years ago

ack, verified! thanks!

btw, if anyone wants to disable verification without forking raven, here's how I do it currently (until linked the PR is merged):

client, _ := raven.New("https://xxx@domain/id")
// use raven.DefaultClient instead of client if using the package directly
client.Transport = &raven.HTTPTransport{
    Client: &http.Client{
        Transport: &http.Transport{
            Proxy:           http.ProxyFromEnvironment,
            TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
        },
    },
}