Add a flag to skip certificate verification (#109)

stripe · Aug 15, 2019 · cb22ac3 · cb22ac3
1 parent bdce130
commit cb22ac3
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/pkg/cmd/listen.go b/pkg/cmd/listen.go
@@ -28,6 +28,7 @@ type listenCmd struct {
 	latestAPIVersion    bool
 	loadFromWebhooksAPI bool
 	printJSON           bool
+	skipVerify          bool
 
 	apiBaseURL string
 	noWSS      bool
@@ -67,6 +68,7 @@ to your localhost:
 	lc.cmd.Flags().BoolVarP(&lc.latestAPIVersion, "latest", "l", false, "Receive events formatted with the latest API version (default: your account's default API version)")
 	lc.cmd.Flags().BoolVarP(&lc.printJSON, "print-json", "p", false, "Print full JSON objects to stdout")
 	lc.cmd.Flags().BoolVarP(&lc.loadFromWebhooksAPI, "load-from-webhooks-api", "a", false, "Load webhook endpoint configuration from the webhooks API")
+	lc.cmd.Flags().BoolVarP(&lc.skipVerify, "skip-verify", "", false, "Skip certificate verification when forwarding to HTTPS endpoints")
 
 	// Hidden configuration flags, useful for dev/debugging
 	lc.cmd.Flags().StringVar(&lc.apiBaseURL, "api-base", "", "Sets the API base URL")
@@ -140,6 +142,7 @@ func (lc *listenCmd) runListenCmd(cmd *cobra.Command, args []string) error {
 		WebSocketFeature:    webhooksWebSocketFeature,
 		PrintJSON:           lc.printJSON,
 		UseLatestAPIVersion: lc.latestAPIVersion,
+		SkipVerify:          lc.skipVerify,
 		Log:                 log.StandardLogger(),
 		NoWSS:               lc.noWSS,
 	})

diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -1,6 +1,7 @@
 package proxy
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -55,6 +56,9 @@ type Config struct {
 	// Indicates whether to filter events formatted with the default or latest API version
 	UseLatestAPIVersion bool
 
+	// Indicates whether to skip certificate verification when forwarding webhooks to HTTPS endpoints
+	SkipVerify bool
+
 	Log *log.Logger
 
 	// Force use of unencrypted ws:// protocol instead of wss://
@@ -242,6 +246,12 @@ func New(cfg *Config) *Proxy {
 			route.Connect,
 			route.EventTypes,
 			&EndpointConfig{
+				HTTPClient: &http.Client{
+					Timeout: defaultTimeout,
+					Transport: &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: cfg.SkipVerify},
+					},
+				},
 				Log:             p.cfg.Log,
 				ResponseHandler: EndpointResponseHandlerFunc(p.processEndpointResponse),
 			},