internal: ignore insecure TLS certs (#5483)

* servers: ignore insecure TLS certs

* slight refactor to have a single place for tls config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
authentik-db-cooper
2023-05-05 06:57:52 -06:00
committed by GitHub
parent b7b62ba089
commit ab795e6642
4 changed files with 36 additions and 16 deletions


@ -6,6 +6,7 @@ import (
"github.com/pires/go-proxyproto"
"goauthentik.io/internal/config"
"goauthentik.io/internal/utils"
)
func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
@ -38,11 +39,8 @@ func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certifica
func (ls *LDAPServer) StartLDAPTLSServer() error {
listen := config.Get().Listen.LDAPS
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS12,
GetCertificate: ls.getCertificates,
}
tlsConfig := utils.GetTLSConfig()
tlsConfig.GetCertificate = ls.getCertificates
ln, err := net.Listen("tcp", listen)
if err != nil {