3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-31 23:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

hpke: fix hpke key fetcher when using self-signed certificates

Browse source
This commit is contained in:
Caleb Doxsey 2023-01-06 09:54:17 -07:00
parent 488bcd6f72
commit 0c70fd3a1f
3 changed files with 23 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

7
authorize/state.go
View file

@ -10,6 +10,7 @@ import (
"github.com/pomerium/pomerium/authorize/evaluator"
"github.com/pomerium/pomerium/authorize/internal/store"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/pkg/grpc"
"github.com/pomerium/pomerium/pkg/grpc/databroker"
"github.com/pomerium/pomerium/pkg/hpke"
@ -88,11 +89,7 @@ func newAuthorizeStateFromConfig(cfg *config.Config, store *store.Store) (*autho
jwksURL := authenticateURL.ResolveReference(&url.URL{
Path: "/.well-known/pomerium/jwks.json",
}).String()
transport, err := config.GetTLSClientTransport(cfg)
if err != nil {
return nil, fmt.Errorf("authorize: get tls client config: %w", err)
}
state.authenticateKeyFetcher = hpke.NewKeyFetcher(jwksURL, transport)
state.authenticateKeyFetcher = hpke.NewKeyFetcher(jwksURL, httputil.GetInsecureTransport())
return state, nil
}