mohamicorp / stash-jenkins-postreceive-webhook

Webhook used to notify Jenkins when commits are made to Stash

Allows all hostnames when trusting all certificates #176

Closed johsim closed 6 years ago

johsim commented 7 years ago

The SNI issue present in the plugin (the wrong certificate is presented when calling a Jenkins URL running HTTPS which hosts multiple domains via e.g. a load balancer) cannot be handled by just skipping SSL certificate validation. We also need to skip the hostname verification. Therefore a fix allowing all hostnames when skipping the SSL certificate is added to circumvent the hostname check before the certificate is ignored.

johsim commented 7 years ago

This is a bit of a brute force solution to "keep the light on". It is important that this is supported in the plugin, or otherwise my implementation won't work anymore. How do you perceive this matter?

alexBraidwood commented 7 years ago

@johsim I think it's a good idea, but maybe we make this a configuration option instead of a hard-coded rule?
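An added example, not code from this pull request or from the plugin: one way the configuration option suggested above could be scoped, so that a hostname mismatch is tolerated only when an administrator has switched the option on and only for hosts that were explicitly listed. The class name, the option flag, the host list and the sample hostnames are all assumptions; the strict verifier is whatever the HTTP client normally uses and is passed in by the caller.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/** Hypothetical helper: an opt-in, per-host hostname-verification bypass. */
public final class ScopedHostnameVerifier implements HostnameVerifier {
    private static final Logger LOG = Logger.getLogger(ScopedHostnameVerifier.class.getName());

    private final HostnameVerifier strict;   // normal verification, always tried first
    private final boolean bypassEnabled;     // assumed configuration option, off by default
    private final Set<String> bypassHosts;   // hosts the administrator explicitly exempted

    public ScopedHostnameVerifier(HostnameVerifier strict, boolean bypassEnabled,
                                  Set<String> bypassHosts) {
        this.strict = strict;
        this.bypassEnabled = bypassEnabled;
        Set<String> normalized = new HashSet<>();
        for (String host : bypassHosts) {
            normalized.add(host.toLowerCase(Locale.ROOT));
        }
        this.bypassHosts = Collections.unmodifiableSet(normalized);
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (strict.verify(hostname, session)) {
            return true;                     // certificate matches the requested host
        }
        if (!bypassEnabled || hostname == null
                || !bypassHosts.contains(hostname.toLowerCase(Locale.ROOT))) {
            return false;                    // mismatch stays a hard failure
        }
        // Leave a trace so the weakened connection shows up in log review.
        LOG.warning("Hostname verification bypassed for " + hostname);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: a stand-in strict verifier that always reports a mismatch.
        HostnameVerifier mismatch = (host, session) -> false;
        Set<String> exempt = Collections.singleton("jenkins.example.internal");
        HostnameVerifier v = new ScopedHostnameVerifier(mismatch, true, exempt);
        System.out.println(v.verify("jenkins.example.internal", null));
        System.out.println(v.verify("other.example.internal", null));
    }
}
```

With the option off, or for any host outside the list, a mismatch is rejected exactly as under strict verification.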

marvinthepa commented 6 years ago

Please also see #194 which both disables hostname checking when SSL is disabled, and enables SNI.

alexBraidwood commented 6 years ago

Merging in #194 fixed this problem, going to close this pull request.