Support proxying images with no provided intermediate cert #241

Merged (1 commit), Sep 10, 2020


blakestoddard

I've run across several customer issues over the last few days where the provider sending them content is serving images from a domain without their intermediate cert in the chain. This leads to this wonderful error while trying to load the image:

x509: certificate signed by unknown authority

openssl doesn't complete intermediate cert chains (and neither does net/http), instead opting to toss it off to the app to take care of. This isn't an issue in the browser (or cURL) because they take care of finishing out the cert and verifying it (and Windows does, funnily enough -- macOS and Linux do not).

But! Someone has already solved this issue for net/http: https://github.com/fcjr/aia-transport-go

This PR swaps the http.DefaultTransport struct for one provided by aia-transport-go that can finish fetching and verifying intermediate certificates.

(I don't have an example image unfortunately, I've been troubleshooting with customer-provided images as they write in.)
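
The failure described in the comment above can be reproduced offline with Go's crypto/x509; this is an added example, not code from this PR or from aia-transport-go. The certificates, the AIA URL and the helpers `issue`, `verify` and `published` are constructed for the illustration, and the map lookup stands in for the HTTP fetch of the leaf's AIA "CA Issuers" URL.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const aiaURL = "http://ca.example.test/mid.crt" // constructed AIA "CA Issuers" URL
type published map[string]*x509.Certificate     // offline stand-in for fetching AIA URLs

// issue creates a cert named cn signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey, aia ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, IssuingCertificateURL: aia, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify validates leaf against root, adding certs found at the leaf's AIA URLs (via src) as intermediates.
func verify(leaf, root *x509.Certificate, src published) error {
	roots, mids := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, u := range leaf.IssuingCertificateURL {
		if c := src[u]; c != nil {
			mids.AddCert(c) // only a path candidate; it must still chain to root
		}
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: mids})
	return err
}

func main() {
	root, rk := issue("Constructed Root", true, nil, nil)
	mid, mk := issue("Constructed Intermediate", true, root, rk)
	leaf, _ := issue("images.example.test", false, mid, mk, aiaURL)
	fmt.Println(verify(leaf, root, nil), verify(leaf, root, published{aiaURL: mid}))
}
```

Passing `nil` for `src` models a client that does no AIA fetching; the fetched certificate is never added to the root pool, so an intermediate that does not chain to a trusted root still fails verification.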

codecov bot commented Jun 25, 2020

Codecov Report

Merging #241 into main will increase coverage by 0.14%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #241      +/-   ##
==========================================
+ Coverage   88.04%   88.19%   +0.14%     
==========================================
  Files           6        6              
  Lines         686      542     -144     
==========================================
- Hits          604      478     -126     
+ Misses         56       36      -20     
- Partials       26       28       +2     
Impacted Files Coverage Δ
imageproxy.go 81.56% <ø> (-1.36%) ⬇️
data.go 98.19% <0.00%> (+0.42%) ⬆️
transform.go 89.75% <0.00%> (+1.07%) ⬆️
cmd/imageproxy-sign/main.go 87.50% <0.00%> (+1.50%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

willnorris merged commit fd43ff2 into willnorris:main Sep 10, 2020