Open specialforest opened 1 year ago
Thanks for filing the issue. It feels like we should be adding such a transform by default, both to enable cert validation and properly flow SNI to the service.
Hi @specialforest,
I'm having a similar issue. I've tried to use the HttpClient.DangerousAcceptAnyServerCertificate property but I don't manage to make it work. Still getting the same SSL issue.
The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
When using this setting, is there something else to be done to make it work?
kr
When Ingress backend uses HTTPs request forwarding fails with something like:
This happens because the ingress controller resolves the backend service to a set of endpoints which are IP addresses.
ClusterConfig.Destinations
in turn has addresses with just IPs. When forwarding the request there is no information about the destination hostname and therefore server's certificate validation fails.There are couple workarounds:
HttpClientConfig.DangerousAcceptAnyServerCertificate
Host
header:I'm creating this for awareness for others running into the same issue and to discuss if there is anything can be done for it to just work.