From 8e3f3df0c28fa8a9fe66e655bd0caa2d3a0b286d Mon Sep 17 00:00:00 2001 From: Andreas Kupries <andreas.kupries@suse.com> Date: Thu, 26 Jan 2023 16:08:17 +0100 Subject: [PATCH] fix: keep tls config structurues of http and websockets separate, unshared ref: #445 ref: https://github.com/gorilla/websocket/issues/601#issuecomment-1008110621 --- internal/auth/certs.go | 2 +- internal/cli/settings/settings.go | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/internal/auth/certs.go b/internal/auth/certs.go index 25a2a40dec..56003bc713 100644 --- a/internal/auth/certs.go +++ b/internal/auth/certs.go @@ -42,7 +42,7 @@ func ExtendLocalTrust(certs string) { } http.DefaultTransport.(*http.Transport).TLSClientConfig = config - websocket.DefaultDialer.TLSClientConfig = config + websocket.DefaultDialer.TLSClientConfig = config.Clone() // See https://github.com/gorilla/websocket/issues/601 for // what this is a work around for. diff --git a/internal/cli/settings/settings.go b/internal/cli/settings/settings.go index ea587f39dc..b1afc7e9ed 100644 --- a/internal/cli/settings/settings.go +++ b/internal/cli/settings/settings.go @@ -132,13 +132,11 @@ func LoadFrom(file string) (*Settings, error) { } http.DefaultTransport.(*http.Transport).TLSClientConfig = tlsInsecure - websocket.DefaultDialer.TLSClientConfig = tlsInsecure } else { // nolint:gosec // Controlled by user option http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify = true - // websocket.DefaultDialer.TLSClientConfig refers to the same structure, - // and the assignment has modified it also. } + websocket.DefaultDialer.TLSClientConfig = http.DefaultTransport.(*http.Transport).TLSClientConfig.Clone() } if !cfg.Colors || viper.GetBool("no-colors") {