cli/pkg/apiclient/ssl.go at 4847d32628b42b9ae5fc85698ba2ff5f70fb7e49 · OctopusDeploy/cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package apiclient

import (
	"crypto/tls"
	"net/http"
)

// ApplySSLIgnoreConfiguration configures the HTTP client to ignore SSL errors
// by setting InsecureSkipVerify on the underlying transport. This function
// handles multiple transport types:
// - Direct *http.Transport
// - *SpinnerRoundTripper wrapping *http.Transport
// - Any other transport type (fallback replacement)
func ApplySSLIgnoreConfiguration(httpClient *http.Client) {
	if httpClient.Transport == nil {
		httpClient.Transport = &http.Transport{}
	}

	// Handle both direct http.Transport and SpinnerRoundTripper wrapping http.Transport
	switch transport := httpClient.Transport.(type) {
	case *http.Transport:
		if transport.TLSClientConfig != nil {
			transport.TLSClientConfig.InsecureSkipVerify = true
		} else {
			transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		}
	case *SpinnerRoundTripper:
		// If the SpinnerRoundTripper's Next is an http.Transport, configure it
		if httpTransport, ok := transport.Next.(*http.Transport); ok {
			if httpTransport.TLSClientConfig != nil {
				httpTransport.TLSClientConfig.InsecureSkipVerify = true
			} else {
				httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
			}
		} else {
			// If Next is not an http.Transport, replace it with one that has SSL verification disabled
			transport.Next = &http.Transport{
				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
			}
		}
	default:
		// Fallback: replace the transport entirely with one that ignores SSL errors
		httpClient.Transport = &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		}
	}
}