hpke: fix hpke key fetcher when using self-signed certificates

Caleb Doxsey 2023-01-06 09:54:17 -07:00
parent 488bcd6f72
commit 0c70fd3a1f
3 changed files with 23 additions and 11 deletions


@ -3,12 +3,12 @@ package proxy
import (
"context"
"crypto/cipher"
"fmt"
"net/url"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/encoding"
"github.com/pomerium/pomerium/internal/encoding/jws"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/sessions"
"github.com/pomerium/pomerium/internal/sessions/cookie"
"github.com/pomerium/pomerium/pkg/cryptutil"
@ -66,11 +66,7 @@ func newProxyStateFromConfig(cfg *config.Config) (*proxyState, error) {
jwksURL := authenticateURL.ResolveReference(&url.URL{
Path: "/.well-known/pomerium/jwks.json",
}).String()
transport, err := config.GetTLSClientTransport(cfg)
if err != nil {
return nil, fmt.Errorf("authorize: get tls client config: %w", err)
}
state.authenticateKeyFetcher = hpke.NewKeyFetcher(jwksURL, transport)
state.authenticateKeyFetcher = hpke.NewKeyFetcher(jwksURL, httputil.GetInsecureTransport())
state.sharedCipher, err = cryptutil.NewAEADCipher(state.sharedKey)
if err != nil {