mirror of
https://github.com/minio/minio.git
synced 2025-04-18 01:40:11 -04:00
fix: for FTP server driver allow implicit trust of TLS (#17541)
fixes #17535
parent
9d628346eb
commit
7f782983ca
@ -322,7 +322,7 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error)
|
|||||||
return minio.New(driver.endpoint, &minio.Options{
|
return minio.New(driver.endpoint, &minio.Options{
|
||||||
Creds: credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
|
Creds: credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
|
||||||
Secure: globalIsTLS,
|
Secure: globalIsTLS,
|
||||||
Transport: globalRemoteTargetTransport,
|
Transport: globalRemoteFTPClientTransport,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -336,7 +336,7 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error)
|
|||||||
return minio.New(driver.endpoint, &minio.Options{
|
return minio.New(driver.endpoint, &minio.Options{
|
||||||
Creds: credentials.NewStaticV4(ui.Credentials.AccessKey, ui.Credentials.SecretKey, ""),
|
Creds: credentials.NewStaticV4(ui.Credentials.AccessKey, ui.Credentials.SecretKey, ""),
|
||||||
Secure: globalIsTLS,
|
Secure: globalIsTLS,
|
||||||
Transport: globalRemoteTargetTransport,
|
Transport: globalRemoteFTPClientTransport,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
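Review bot: Both `minio.New` calls in `getMinIOClient` now hand user credentials (including `cred.SessionToken`) to `globalRemoteFTPClientTransport`, which is built with certificate verification turned off, so nothing authenticates the peer behind `driver.endpoint`. That is only safe if the endpoint is always this same server reached over a local address, which these hunks do not show. I would state the invariant next to the call, e.g. `// endpoint is always the local server; TLS peer verification is intentionally skipped`, and confirm where `driver.endpoint` is assigned that it cannot name another host. The same applies to the two calls in `sftpDriver.getMinIOClient`; in both files the function body starts and ends outside the hunks.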
|
@ -34,6 +34,8 @@ import (
|
|||||||
"golang.org/x/crypto/ssh"
|
"golang.org/x/crypto/ssh"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var globalRemoteFTPClientTransport = NewRemoteTargetHTTPTransport(true)()
|
||||||
|
|
||||||
// minioLogger use an instance of this to log in a standard format
|
// minioLogger use an instance of this to log in a standard format
|
||||||
type minioLogger struct{}
|
type minioLogger struct{}
|
||||||
|
|
||||||
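Review bot: `var globalRemoteFTPClientTransport = NewRemoteTargetHTTPTransport(true)()` is evaluated at package initialisation, while the sibling transports are assigned inside `serverHandleCmdArgs`. The constructor reads `globalDNSCache`, `globalRootCAs` and `globalTCPOptions`, so this transport presumably captures whatever those hold before command-line handling has populated them. That is worth confirming, and if it is the case the transport should be built alongside `globalRemoteTargetTransport`. The bare `true` also hides what is being switched off; a comment such as `// TLS verification disabled: used only by the FTP/SFTP drivers to call back into this server` would make the intent auditable.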
|
@ -256,7 +256,7 @@ func serverHandleCmdArgs(ctx *cli.Context) {
|
|||||||
globalProxyTransport = NewCustomHTTPProxyTransport()()
|
globalProxyTransport = NewCustomHTTPProxyTransport()()
|
||||||
globalProxyEndpoints = GetProxyEndpoints(globalEndpoints)
|
globalProxyEndpoints = GetProxyEndpoints(globalEndpoints)
|
||||||
globalInternodeTransport = NewInternodeHTTPTransport()()
|
globalInternodeTransport = NewInternodeHTTPTransport()()
|
||||||
globalRemoteTargetTransport = NewRemoteTargetHTTPTransport()()
|
globalRemoteTargetTransport = NewRemoteTargetHTTPTransport(false)()
|
||||||
|
|
||||||
globalForwarder = handlers.NewForwarder(&handlers.Forwarder{
|
globalForwarder = handlers.NewForwarder(&handlers.Forwarder{
|
||||||
PassHost: true,
|
PassHost: true,
|
||||||
|
@ -143,7 +143,7 @@ func (f *sftpDriver) getMinIOClient() (*minio.Client, error) {
|
|||||||
return minio.New(f.endpoint, &minio.Options{
|
return minio.New(f.endpoint, &minio.Options{
|
||||||
Creds: credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
|
Creds: credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
|
||||||
Secure: globalIsTLS,
|
Secure: globalIsTLS,
|
||||||
Transport: globalRemoteTargetTransport,
|
Transport: globalRemoteFTPClientTransport,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -157,7 +157,7 @@ func (f *sftpDriver) getMinIOClient() (*minio.Client, error) {
|
|||||||
return minio.New(f.endpoint, &minio.Options{
|
return minio.New(f.endpoint, &minio.Options{
|
||||||
Creds: credentials.NewStaticV4(ui.Credentials.AccessKey, ui.Credentials.SecretKey, ""),
|
Creds: credentials.NewStaticV4(ui.Credentials.AccessKey, ui.Credentials.SecretKey, ""),
|
||||||
Secure: globalIsTLS,
|
Secure: globalIsTLS,
|
||||||
Transport: globalRemoteTargetTransport,
|
Transport: globalRemoteFTPClientTransport,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -664,14 +664,14 @@ func newCustomDialContext() dialContext {
|
|||||||
|
|
||||||
// NewRemoteTargetHTTPTransport returns a new http configuration
|
// NewRemoteTargetHTTPTransport returns a new http configuration
|
||||||
// used while communicating with the remote replication targets.
|
// used while communicating with the remote replication targets.
|
||||||
func NewRemoteTargetHTTPTransport() func() *http.Transport {
|
func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
|
||||||
return xhttp.ConnSettings{
|
return xhttp.ConnSettings{
|
||||||
DialContext: newCustomDialContext(),
|
DialContext: newCustomDialContext(),
|
||||||
DNSCache: globalDNSCache,
|
DNSCache: globalDNSCache,
|
||||||
RootCAs: globalRootCAs,
|
RootCAs: globalRootCAs,
|
||||||
TCPOptions: globalTCPOptions,
|
TCPOptions: globalTCPOptions,
|
||||||
EnableHTTP2: false,
|
EnableHTTP2: false,
|
||||||
}.NewRemoteTargetHTTPTransport()
|
}.NewRemoteTargetHTTPTransport(insecure)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load the json (typically from disk file).
|
// Load the json (typically from disk file).
|
||||||
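Review bot: The doc comment on `NewRemoteTargetHTTPTransport` still describes only replication targets and says nothing about the new `insecure` parameter, which ends up as `InsecureSkipVerify` on the returned transport. For an exported constructor that can disable certificate verification this should be spelled out, e.g. `// When insecure is true the transport does not verify the server certificate; use only for connections back to the local server.` The identical comment on the `ConnSettings` method of the same name needs the same update.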
|
@ -78,7 +78,6 @@ func (s ConnSettings) getDefaultTransport() *http.Transport {
|
|||||||
IdleConnTimeout: 15 * time.Second,
|
IdleConnTimeout: 15 * time.Second,
|
||||||
ResponseHeaderTimeout: 15 * time.Minute, // Conservative timeout is the default (for MinIO internode)
|
ResponseHeaderTimeout: 15 * time.Minute, // Conservative timeout is the default (for MinIO internode)
|
||||||
TLSHandshakeTimeout: 10 * time.Second,
|
TLSHandshakeTimeout: 10 * time.Second,
|
||||||
ExpectContinueTimeout: 10 * time.Second,
|
|
||||||
TLSClientConfig: &tlsClientConfig,
|
TLSClientConfig: &tlsClientConfig,
|
||||||
ForceAttemptHTTP2: s.EnableHTTP2,
|
ForceAttemptHTTP2: s.EnableHTTP2,
|
||||||
// Go net/http automatically unzip if content-type is
|
// Go net/http automatically unzip if content-type is
|
||||||
@ -117,7 +116,6 @@ func (s ConnSettings) NewInternodeHTTPTransport() func() http.RoundTripper {
|
|||||||
|
|
||||||
// Settings specific to internode requests.
|
// Settings specific to internode requests.
|
||||||
tr.TLSHandshakeTimeout = 15 * time.Second
|
tr.TLSHandshakeTimeout = 15 * time.Second
|
||||||
tr.ExpectContinueTimeout = 15 * time.Second
|
|
||||||
|
|
||||||
return func() http.RoundTripper {
|
return func() http.RoundTripper {
|
||||||
return tr
|
return tr
|
||||||
@ -167,12 +165,12 @@ func (s ConnSettings) NewHTTPTransportWithClientCerts(ctx context.Context, clien
|
|||||||
|
|
||||||
// NewRemoteTargetHTTPTransport returns a new http configuration
|
// NewRemoteTargetHTTPTransport returns a new http configuration
|
||||||
// used while communicating with the remote replication targets.
|
// used while communicating with the remote replication targets.
|
||||||
func (s ConnSettings) NewRemoteTargetHTTPTransport() func() *http.Transport {
|
func (s ConnSettings) NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
|
||||||
tr := s.getDefaultTransport()
|
tr := s.getDefaultTransport()
|
||||||
|
|
||||||
tr.TLSHandshakeTimeout = 5 * time.Second
|
tr.TLSHandshakeTimeout = 10 * time.Second
|
||||||
tr.ExpectContinueTimeout = 5 * time.Second
|
|
||||||
tr.ResponseHeaderTimeout = 0
|
tr.ResponseHeaderTimeout = 0
|
||||||
|
tr.TLSClientConfig.InsecureSkipVerify = insecure
|
||||||
|
|
||||||
return func() *http.Transport {
|
return func() *http.Transport {
|
||||||
return tr
|
return tr
|
||||||
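Review bot: `tr.TLSClientConfig.InsecureSkipVerify = insecure` switches off chain and hostname validation together, which is broader than a local call-back may need. If the failure behind this fix is a hostname mismatch on the local endpoint (not visible here), keeping verification against `RootCAs` and setting `ServerName` on the TLS config would be a narrower option. Separately, this section drops `ExpectContinueTimeout` from `getDefaultTransport`, the internode transport and this one, and changes `TLSHandshakeTimeout` from 5s to 10s; those changes affect every consumer of these transports and are not mentioned in the commit message. The returned closure's closing lines fall outside the hunk.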
|