Allow disabling of certificate verification for WebDAV (#98)

offen · Apr 20, 2022 · 94a1edc · 94a1edc
1 parent a654097
commit 94a1edc
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -207,9 +207,9 @@ You can populate below template according to your requirements and use it as you
 # AWS_ENDPOINT_PROTO="https"
 
 # Setting this variable to `true` will disable verification of
-# SSL certificates. You shouldn't use this unless you use self-signed
-# certificates for your remote storage backend. This can only be used
-# when AWS_ENDPOINT_PROTO is set to `https`.
+# SSL certificates for AWS_ENDPOINT. You shouldn't use this unless you use
+# self-signed certificates for your remote storage backend. This can only be
+# used when AWS_ENDPOINT_PROTO is set to `https`.
 
 # AWS_ENDPOINT_INSECURE="true"
 
@@ -232,6 +232,12 @@ You can populate below template according to your requirements and use it as you
 
 # WEBDAV_PASSWORD="password"
 
+# Setting this variable to `true` will disable verification of
+# SSL certificates for WEBDAV_URL. You shouldn't use this unless you use
+# self-signed certificates for your remote storage backend.
+
+# WEBDAV_URL_INSECURE="true"
+
 # In addition to storing backups remotely, you can also keep local copies.
 # Pass a container-local path to store your backups if needed. You also need to
 # mount a local folder or Docker volume into that location (`/archive`

diff --git a/cmd/backup/config.go b/cmd/backup/config.go
@@ -36,6 +36,7 @@ type Config struct {
 	EmailSMTPUsername          string        `envconfig:"EMAIL_SMTP_USERNAME"`
 	EmailSMTPPassword          string        `envconfig:"EMAIL_SMTP_PASSWORD"`
 	WebdavUrl                  string        `split_words:"true"`
+	WebdavUrlInsecure          bool          `split_words:"true"`
 	WebdavPath                 string        `split_words:"true" default:"/"`
 	WebdavUsername             string        `split_words:"true"`
 	WebdavPassword             string        `split_words:"true"`

diff --git a/cmd/backup/script.go b/cmd/backup/script.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
+	"net/http"
 	"os"
 	"path"
 	"path/filepath"
@@ -146,6 +147,15 @@ func newScript() (*script, error) {
 		} else {
 			webdavClient := gowebdav.NewClient(s.c.WebdavUrl, s.c.WebdavUsername, s.c.WebdavPassword)
 			s.webdavClient = webdavClient
+			if s.c.WebdavUrlInsecure {
+				defaultTransport, ok := http.DefaultTransport.(*http.Transport)
+				if !ok {
+					return nil, errors.New("newScript: unexpected error when asserting type for http.DefaultTransport")
+				}
+				webdavTransport := defaultTransport.Clone()
+				webdavTransport.TLSClientConfig.InsecureSkipVerify = s.c.WebdavUrlInsecure
+				s.webdavClient.SetTransport(webdavTransport)
+			}
 		}
 	}
 

diff --git a/test/compose/docker-compose.yml b/test/compose/docker-compose.yml
@@ -43,6 +43,7 @@ services:
       BACKUP_PRUNING_PREFIX: test
       GPG_PASSPHRASE: 1234secret
       WEBDAV_URL: http://webdav/
+      WEBDAV_URL_INSECURE: 'true'
       WEBDAV_PATH: /my/new/path/
       WEBDAV_USERNAME: test
       WEBDAV_PASSWORD: test