diff --git a/appservice/api/query.go b/appservice/api/query.go
index 7e61d6233..bf4829290 100644
--- a/appservice/api/query.go
+++ b/appservice/api/query.go
@@ -19,14 +19,17 @@ package api
 import (
 "context"
+ "crypto/tls"
 "database/sql"
 "net/http"
+ "time"
 "github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 "github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 "github.com/matrix-org/gomatrixserverlib"
 "github.com/matrix-org/dendrite/common"
+ "github.com/matrix-org/dendrite/common/config"
 commonHTTP "github.com/matrix-org/dendrite/common/http"
 opentracing "github.com/opentracing/opentracing-go"
 )
@@ -99,13 +102,20 @@ type httpAppServiceQueryAPI struct {
 // to a HTTP POST API.
 // If httpClient is nil then it uses http.DefaultClient
 func NewAppServiceQueryAPIHTTP(
- appserviceURL string,
+ Cfg *config.Dendrite,
 httpClient *http.Client,
 ) AppServiceQueryAPI {
 if httpClient == nil {
- httpClient = http.DefaultClient
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ if Cfg.Test.SkipSSLVerify == true {
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient = &http.Client{
+ Timeout: time.Second * 30,
+ Transport: customTransport,
+ }
 }
- return &httpAppServiceQueryAPI{appserviceURL, httpClient}
+ return &httpAppServiceQueryAPI{Cfg.AppServiceURL(), httpClient}
 }
 // RoomAliasExists implements AppServiceQueryAPI
diff --git a/appservice/appservice.go b/appservice/appservice.go
index 181799879..ace3e23bb 100644
--- a/appservice/appservice.go
+++ b/appservice/appservice.go
@@ -16,6 +16,7 @@ package appservice
 import (
 "context"
+ "crypto/tls"
 "net/http"
 "sync"
 "time"
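Review bot: In NewAppServiceQueryAPIHTTP the doc comment above the signature still says a nil httpClient falls back to http.DefaultClient, but the new body builds its own client with a 30-second timeout and, when `Cfg.Test.SkipSSLVerify` is set, with certificate verification turned off; the comment should say so, e.g. `// If httpClient is nil, a client with a 30s timeout is built; Cfg.Test.SkipSSLVerify disables TLS certificate verification on it.` The assertion `http.DefaultTransport.(*http.Transport)` is unchecked and panics if anything in the process has replaced the default transport, so the two-value form is safer. The parameter would conventionally be named `cfg`, and `== true` can be dropped. The same clone-and-disable block is repeated in appservice/appservice.go, appservice/query/query.go, clientapi/threepid/invites.go and clientapi/threepid/threepid.go; one shared constructor would keep every place where verification can be switched off auditable in a single spot.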
@@ -82,6 +83,14 @@ func SetupAppServiceAPIComponent(
 },
 Cfg: base.Cfg,
 }
+ if base.Cfg.Test.SkipSSLVerify == true {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ appserviceQueryAPI.HTTPClient = &http.Client{
+ Transport: customTransport,
+ Timeout: time.Second * 30,
+ }
+ }
 appserviceQueryAPI.SetupHTTP(http.DefaultServeMux)
diff --git a/appservice/query/query.go b/appservice/query/query.go
index fde3ab09c..83704571b 100644
--- a/appservice/query/query.go
+++ b/appservice/query/query.go
@@ -18,6 +18,7 @@ package query
 import (
 "context"
+ "crypto/tls"
 "encoding/json"
 "net/http"
 "net/url"
@@ -52,7 +53,7 @@ func (a *AppServiceQueryAPI) RoomAliasExists(
 // Create an HTTP client if one does not already exist
 if a.HTTPClient == nil {
- a.HTTPClient = makeHTTPClient()
+ a.HTTPClient = makeHTTPClient(a.Cfg.Test.SkipSSLVerify)
 }
 // Determine which application service should handle this request
@@ -120,7 +121,7 @@ func (a *AppServiceQueryAPI) UserIDExists(
 // Create an HTTP client if one does not already exist
 if a.HTTPClient == nil {
- a.HTTPClient = makeHTTPClient()
+ a.HTTPClient = makeHTTPClient(a.Cfg.Test.SkipSSLVerify)
 }
 // Determine which application service should handle this request
@@ -174,9 +175,14 @@ func (a *AppServiceQueryAPI) UserIDExists(
 }
 // makeHTTPClient creates an HTTP client with certain options that will be used for all query requests to application services
-func makeHTTPClient() *http.Client {
+func makeHTTPClient(skipSSLVerify bool) *http.Client {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ if skipSSLVerify == true {
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
 return &http.Client{
- Timeout: time.Second * 30,
+ Transport: customTransport,
+ Timeout: time.Second * 30,
 }
 }
diff --git a/clientapi/threepid/invites.go b/clientapi/threepid/invites.go
index aa54aa9fa..c371005f5 100644
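Review bot: The added block in SetupAppServiceAPIComponent looks redundant with the lazy path in appservice/query/query.go: the struct is built with `Cfg: base.Cfg`, and RoomAliasExists and UserIDExists already call `makeHTTPClient(a.Cfg.Test.SkipSSLVerify)` when HTTPClient is nil, which yields the same transport and timeout. Dropping it would leave one fewer place that sets `InsecureSkipVerify: true`. If it stays, it should log a warning at startup that certificate verification towards application services is disabled, so the setting is visible in the logs of any deployment that carries it. The function body starts and ends outside the hunk.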
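Review bot: The lazy initialisation `a.HTTPClient = makeHTTPClient(a.Cfg.Test.SkipSSLVerify)` in RoomAliasExists, and identically in UserIDExists, writes a field of the shared AppServiceQueryAPI without synchronisation; if these methods are reached from concurrent HTTP handlers, as the SetupHTTP call in appservice.go suggests, that is a data race. The new argument also dereferences `a.Cfg`, which panics for any AppServiceQueryAPI constructed without Cfg. Building the client once where the struct is created would remove both problems. Both function bodies continue outside their hunks.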
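Review bot: makeHTTPClient now asserts `http.DefaultTransport.(*http.Transport)` unconditionally, so the normal, verifying path also gains a panic if the default transport has been replaced, and it clones the transport even when nothing is changed on it. Touching the transport only when skipSSLVerify is true, with a checked assertion, keeps the default path as it was before the commit. A comment at the InsecureSkipVerify line stating that the peer is then unauthenticated would help whoever audits this later.

```go
func makeHTTPClient(skipSSLVerify bool) *http.Client {
	client := &http.Client{Timeout: time.Second * 30}
	if !skipSSLVerify {
		return client
	}
	// Verification is off: the application service is not authenticated.
	transport := &http.Transport{}
	if base, ok := http.DefaultTransport.(*http.Transport); ok {
		transport = base.Clone()
	}
	transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	client.Transport = transport
	return client
}
```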
--- a/clientapi/threepid/invites.go
+++ b/clientapi/threepid/invites.go
@@ -16,6 +16,7 @@ package threepid
 import (
 "context"
+ "crypto/tls"
 "encoding/json"
 "errors"
 "fmt"
@@ -226,6 +227,14 @@ func queryIDServerStoreInvite(
 }
 client := http.Client{}
+ if cfg.Test.SkipSSLVerify == true {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ client = http.Client{
+ Transport: customTransport,
+ Timeout: time.Second * 30,
+ }
+ }
 data := url.Values{}
 data.Add("medium", body.Medium)
diff --git a/clientapi/threepid/threepid.go b/clientapi/threepid/threepid.go
index a7f26c295..4e8d836ab 100644
--- a/clientapi/threepid/threepid.go
+++ b/clientapi/threepid/threepid.go
@@ -16,6 +16,7 @@ package threepid
 import (
 "context"
+ "crypto/tls"
 "encoding/json"
 "errors"
 "fmt"
@@ -23,6 +24,7 @@ import (
 "net/url"
 "strconv"
 "strings"
+ "time"
 "github.com/matrix-org/dendrite/common/config"
 )
@@ -74,6 +76,14 @@ func CreateSession(
 request.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 client := http.Client{}
+ if cfg.Test.SkipSSLVerify == true {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ client = http.Client{
+ Transport: customTransport,
+ Timeout: time.Second * 30,
+ }
+ }
 resp, err := client.Do(request.WithContext(ctx))
 if err != nil {
 return "", err
@@ -161,6 +171,14 @@ func PublishAssociation(creds Credentials, userID string, cfg *config.Dendrite)
 request.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 client := http.Client{}
+ if cfg.Test.SkipSSLVerify == true {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ client = http.Client{
+ Transport: customTransport,
+ Timeout: time.Second * 30,
+ }
+ }
 resp, err := client.Do(request)
 if err != nil {
 return err
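Review bot: In queryIDServerStoreInvite the 30-second timeout is set only on the client built when `cfg.Test.SkipSSLVerify` is true; the default `http.Client{}` used otherwise has no timeout, so the two paths differ in more than TLS verification. The same applies to the CreateSession and PublishAssociation hunks in threepid.go. Setting the timeout on the initial client, `client := http.Client{Timeout: time.Second * 30}`, and only assigning `client.Transport` inside the `if` would make the flag change exactly one thing. These requests go to the identity server, so with verification off whatever they carry can be read or altered by an on-path host; a comment at each site saying so is worth adding. All three function bodies start and end outside their hunks.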
diff --git a/common/basecomponent/base.go b/common/basecomponent/base.go
index 4274de2b6..4abfdca05 100644
--- a/common/basecomponent/base.go
+++ b/common/basecomponent/base.go
@@ -95,7 +95,7 @@ func (b *BaseDendrite) Close() error {
 // CreateHTTPAppServiceAPIs returns the QueryAPI for hitting the appservice
 // component over HTTP.
 func (b *BaseDendrite) CreateHTTPAppServiceAPIs() appserviceAPI.AppServiceQueryAPI {
- return appserviceAPI.NewAppServiceQueryAPIHTTP(b.Cfg.AppServiceURL(), nil)
+ return appserviceAPI.NewAppServiceQueryAPIHTTP(b.Cfg, nil)
 }
 // CreateHTTPRoomserverAPIs returns the AliasAPI, InputAPI and QueryAPI for hitting
diff --git a/common/config/config.go b/common/config/config.go
index 0332d0358..c1ecfe1cb 100644
--- a/common/config/config.go
+++ b/common/config/config.go
@@ -268,6 +268,10 @@ type Dendrite struct {
 // Note: An Exclusive Regex for room ID isn't necessary as we aren't blocking
 // servers from creating RoomIDs in exclusive application service namespaces
 } `yaml:"-"`
+
+ Test struct {
+ SkipSSLVerify bool `yaml:"skip_verify_SSL_certificates"`
+ } `yaml:"test"`
 }
 // A Path on the filesystem.
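Review bot: The new `Test` block in the Dendrite config struct has no doc comment, although `SkipSSLVerify` turns off TLS certificate verification for every outbound client touched in this commit. I would add above the field `// SkipSSLVerify disables TLS certificate verification on outbound requests to application services and identity servers. For tests only; never enable in production.` The key `skip_verify_SSL_certificates` also mixes case, unlike the lower-case `test` key beside it, which makes it easy to mistype in a config file. The struct body starts outside the hunk.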