Fix#609

appservice/api/query.go

@@ -19,14 +19,17 @@ package api
 
 import (
 	"context"
+	"crypto/tls"
 	"database/sql"
 	"net/http"
+	"time"
 
 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 	"github.com/matrix-org/gomatrixserverlib"
 
 	"github.com/matrix-org/dendrite/common"
+	"github.com/matrix-org/dendrite/common/config"
 	commonHTTP "github.com/matrix-org/dendrite/common/http"
 	opentracing "github.com/opentracing/opentracing-go"
 )
@@ -99,13 +102,20 @@ type httpAppServiceQueryAPI struct {
 // to a HTTP POST API.
 // If httpClient is nil then it uses http.DefaultClient
 func NewAppServiceQueryAPIHTTP(
-	appserviceURL string,
+	Cfg *config.Dendrite,
 	httpClient *http.Client,
 ) AppServiceQueryAPI {
 	if httpClient == nil {
-		httpClient = http.DefaultClient
+		customTransport := http.DefaultTransport.(*http.Transport).Clone()
+		if Cfg.Test.SkipSSLVerify == true {
+			customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		}
+		httpClient = &http.Client{
+			Timeout:   time.Second * 30,
+			Transport: customTransport,
+		}
 	}
-	return &httpAppServiceQueryAPI{appserviceURL, httpClient}
+	return &httpAppServiceQueryAPI{Cfg.AppServiceURL(), httpClient}
 }
 
 // RoomAliasExists implements AppServiceQueryAPI

appservice/appservice.go

@@ -16,6 +16,7 @@ package appservice
 
 import (
 	"context"
+	"crypto/tls"
 	"net/http"
 	"sync"
 	"time"
@@ -82,6 +83,14 @@ func SetupAppServiceAPIComponent(
 		},
 		Cfg: base.Cfg,
 	}
+	if base.Cfg.Test.SkipSSLVerify == true {
+		customTransport := http.DefaultTransport.(*http.Transport).Clone()
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		appserviceQueryAPI.HTTPClient = &http.Client{
+			Transport: customTransport,
+			Timeout:   time.Second * 30,
+		}
+	}
 
 	appserviceQueryAPI.SetupHTTP(http.DefaultServeMux)
 

appservice/query/query.go

@@ -18,6 +18,7 @@ package query
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"net/http"
 	"net/url"
@@ -52,7 +53,7 @@ func (a *AppServiceQueryAPI) RoomAliasExists(
 
 	// Create an HTTP client if one does not already exist
 	if a.HTTPClient == nil {
-		a.HTTPClient = makeHTTPClient()
+		a.HTTPClient = makeHTTPClient(a.Cfg.Test.SkipSSLVerify)
 	}
 
 	// Determine which application service should handle this request
@@ -120,7 +121,7 @@ func (a *AppServiceQueryAPI) UserIDExists(
 
 	// Create an HTTP client if one does not already exist
 	if a.HTTPClient == nil {
-		a.HTTPClient = makeHTTPClient()
+		a.HTTPClient = makeHTTPClient(a.Cfg.Test.SkipSSLVerify)
 	}
 
 	// Determine which application service should handle this request
@@ -174,9 +175,14 @@ func (a *AppServiceQueryAPI) UserIDExists(
 }
 
 // makeHTTPClient creates an HTTP client with certain options that will be used for all query requests to application services
-func makeHTTPClient() *http.Client {
+func makeHTTPClient(skipSSLVerify bool) *http.Client {
+	customTransport := http.DefaultTransport.(*http.Transport).Clone()
+	if skipSSLVerify == true {
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
 	return &http.Client{
-		Timeout: time.Second * 30,
+		Transport: customTransport,
+		Timeout:   time.Second * 30,
 	}
 }
 

clientapi/threepid/invites.go

@@ -16,6 +16,7 @@ package threepid
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -226,6 +227,14 @@ func queryIDServerStoreInvite(
 	}
 
 	client := http.Client{}
+	if cfg.Test.SkipSSLVerify == true {
+		customTransport := http.DefaultTransport.(*http.Transport).Clone()
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		client = http.Client{
+			Transport: customTransport,
+			Timeout: time.Second * 30,
+		}
+	}
 
 	data := url.Values{}
 	data.Add("medium", body.Medium)

clientapi/threepid/threepid.go

@@ -16,6 +16,7 @@ package threepid
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -23,6 +24,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/matrix-org/dendrite/common/config"
 )
@@ -74,6 +76,14 @@ func CreateSession(
 	request.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 
 	client := http.Client{}
+	if cfg.Test.SkipSSLVerify == true {
+		customTransport := http.DefaultTransport.(*http.Transport).Clone()
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		client = http.Client{
+			Transport: customTransport,
+			Timeout:   time.Second * 30,
+		}
+	}
 	resp, err := client.Do(request.WithContext(ctx))
 	if err != nil {
 		return "", err
@@ -161,6 +171,14 @@ func PublishAssociation(creds Credentials, userID string, cfg *config.Dendrite)
 	request.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 
 	client := http.Client{}
+	if cfg.Test.SkipSSLVerify == true {
+		customTransport := http.DefaultTransport.(*http.Transport).Clone()
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		client = http.Client{
+			Transport: customTransport,
+			Timeout:   time.Second * 30,
+		}
+	}
 	resp, err := client.Do(request)
 	if err != nil {
 		return err

common/basecomponent/base.go

@@ -95,7 +95,7 @@ func (b *BaseDendrite) Close() error {
 // CreateHTTPAppServiceAPIs returns the QueryAPI for hitting the appservice
 // component over HTTP.
 func (b *BaseDendrite) CreateHTTPAppServiceAPIs() appserviceAPI.AppServiceQueryAPI {
-	return appserviceAPI.NewAppServiceQueryAPIHTTP(b.Cfg.AppServiceURL(), nil)
+	return appserviceAPI.NewAppServiceQueryAPIHTTP(b.Cfg, nil)
 }
 
 // CreateHTTPRoomserverAPIs returns the AliasAPI, InputAPI and QueryAPI for hitting

common/config/config.go

@@ -268,6 +268,10 @@ type Dendrite struct {
 		// Note: An Exclusive Regex for room ID isn't necessary as we aren't blocking
 		// servers from creating RoomIDs in exclusive application service namespaces
 	} `yaml:"-"`
+
+	Test struct {
+		SkipSSLVerify bool `yaml:"skip_verify_SSL_certificates"`
+	} `yaml:"test"`
 }
 
 // A Path on the filesystem.