From 89b5018407e65f646e44b3c6d2fd3f2ed7e36e90 Mon Sep 17 00:00:00 2001 From: Pavel Iakovenko Date: Mon, 26 Feb 2024 06:37:49 -0500 Subject: [PATCH] Insecure mode for https forwarding (#79) --- CONFIG.md | 1 + .../Configuration/RemoteForwardBinding.cs | 8 +++++++- src/Microsoft.Azure.Relay.Bridge/RemoteForwardHost.cs | 4 ++-- src/Microsoft.Azure.Relay.Bridge/TcpRemoteForwarder.cs | 9 +++++++-- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/CONFIG.md b/CONFIG.md index 560dbb3..d8a5125 100644 --- a/CONFIG.md +++ b/CONFIG.md @@ -385,6 +385,7 @@ used on the same entry. For multiple bindings they can be used to form a list. * **HostPort** - TCP port on the host to forward to * **PortName** - Logical port name * **LocalSocket** - named UNIX socket forward to +* **Insecure** - ignores certificate validation errors for https forwarding Examples: diff --git a/src/Microsoft.Azure.Relay.Bridge/Configuration/RemoteForwardBinding.cs b/src/Microsoft.Azure.Relay.Bridge/Configuration/RemoteForwardBinding.cs index aecc883..54a9ab6 100644 --- a/src/Microsoft.Azure.Relay.Bridge/Configuration/RemoteForwardBinding.cs +++ b/src/Microsoft.Azure.Relay.Bridge/Configuration/RemoteForwardBinding.cs @@ -102,7 +102,13 @@ get; set; } - + + public bool Insecure + { + get; + set; + } + public string Path { get; diff --git a/src/Microsoft.Azure.Relay.Bridge/RemoteForwardHost.cs b/src/Microsoft.Azure.Relay.Bridge/RemoteForwardHost.cs index 4c4ed46..aa93d55 100644 --- a/src/Microsoft.Azure.Relay.Bridge/RemoteForwardHost.cs +++ b/src/Microsoft.Azure.Relay.Bridge/RemoteForwardHost.cs 
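Review bot: The new `Insecure` property in RemoteForwardBinding.cs has no doc comment, although it is the switch that turns off TLS server-certificate validation for the binding's https target. I would add a summary above it, for example `/// <summary>When true, the https forwarder accepts any server certificate presented by the target (no chain, host name or expiry checks). Defaults to false.</summary>`, so the consequence is visible where the option is declared. The bare name also does not say what becomes insecure; if the config key can still change, a name such as `IgnoreServerCertificateErrors` would describe the setting more precisely. The class body starts and ends outside this hunk, so I cannot see whether neighbouring properties follow a doc-comment convention.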
@@ -109,7 +109,7 @@ namespace Microsoft.Azure.Relay.Bridge if (binding.Http) { var tcpRemoteForwarder = - new TcpRemoteForwarder(this.config, remoteForward.RelayName, binding.PortName, binding.Host, binding.HostPort, binding.Path, binding.Http); + new TcpRemoteForwarder(this.config, remoteForward.RelayName, binding.PortName, binding.Host, binding.HostPort, binding.Path, binding.Http, binding.Insecure); remoteForwarders.Add(tcpRemoteForwarder.PortName, tcpRemoteForwarder); } else if (!string.IsNullOrEmpty(binding.LocalSocket)) @@ -127,7 +127,7 @@ namespace Microsoft.Azure.Relay.Bridge else if (binding.HostPort > 0) { var tcpRemoteForwarder = - new TcpRemoteForwarder(this.config, remoteForward.RelayName, binding.PortName, binding.Host, binding.HostPort, binding.Path, binding.Http); + new TcpRemoteForwarder(this.config, remoteForward.RelayName, binding.PortName, binding.Host, binding.HostPort, binding.Path, binding.Http, binding.Insecure); remoteForwarders.Add(tcpRemoteForwarder.PortName, tcpRemoteForwarder); } else if (binding.HostPort < 0) diff --git a/src/Microsoft.Azure.Relay.Bridge/TcpRemoteForwarder.cs b/src/Microsoft.Azure.Relay.Bridge/TcpRemoteForwarder.cs index 8c057ed..5ba0a5a 100644 --- a/src/Microsoft.Azure.Relay.Bridge/TcpRemoteForwarder.cs +++ b/src/Microsoft.Azure.Relay.Bridge/TcpRemoteForwarder.cs @@ -28,7 +28,7 @@ namespace Microsoft.Azure.Relay.Bridge private HttpClient httpClient; private string relaySubpath; - internal TcpRemoteForwarder(Config config, string relayName, string portName, string targetServer, int targetPort, string targetPath, bool http) + internal TcpRemoteForwarder(Config config, string relayName, string portName, string targetServer, int targetPort, string targetPath, bool http, bool insecure) { this.config = config; this.PortName = portName; 
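Review bot: In the second RemoteForwardHost.cs hunk (`else if (binding.HostPort > 0)`), `binding.Insecure` is passed on what appears to be the non-HTTP branch of the chain that starts with `if (binding.Http)` in the first hunk, and the constructor only reads `insecure` inside its `if ( http )` block, so the setting is silently ignored for plain TCP bindings. An operator who sets Insecure on such a binding gets no diagnostic either way; rejecting or warning about that combination during config validation would make the effective behaviour explicit. Both call sites now also end in two adjacent positional bools, and writing the last one as `insecure: binding.Insecure` makes a transposed argument much harder to miss. The enclosing method begins and ends outside both hunks.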
@@ -38,7 +38,12 @@ namespace Microsoft.Azure.Relay.Bridge if ( http ) { - this.httpClient = new HttpClient(); + var httpHandler = new HttpClientHandler(); + if ( insecure ) + { + httpHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; + } + this.httpClient = new HttpClient(httpHandler); this.httpClient.BaseAddress = new UriBuilder(portName, targetServer, targetPort, targetPath).Uri; this.httpClient.DefaultRequestHeaders.ExpectContinue = false; this.relaySubpath = "/" + relayName;
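Review bot: With `insecure` set, `HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` accepts every certificate the target presents (untrusted chain, wrong host name and expired alike), so the hop from the bridge to the target loses server authentication entirely, and nothing in this hunk records that at runtime. I would emit a warning through the bridge's existing logging path (not visible here) whenever the handler is configured this way, so that a deployment running without validation shows up in its logs. If the intended use is self-signed targets, a narrower callback that tolerates only chain errors, `httpHandler.ServerCertificateCustomValidationCallback = (req, cert, chain, errors) => (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.None;`, would still reject host-name mismatches. The constructor body continues outside the hunk.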