env var MB_JETTY_SSL_INSECURE to disable SNI check (#37781)

Resolves #29660

env var MB_JETTY_SSL_INSECURE to disable SNI check (#37781)
ffcfaecc · Alexander Solovyov · GitHub · e4e34df9 · ffcfaecc · ffcfaecc
Unverified Commit ffcfaecc authored 1 year ago by Alexander Solovyov Committed by GitHub 1 year ago
--- a/src/metabase/server.clj
+++ b/src/metabase/server.clj
@@ -22,13 +22,15 @@
 (defn- jetty-ssl-config []
  (m/filter-vals
   some?
-   {:ssl-port       (config/config-int :mb-jetty-ssl-port)
-    :keystore       (config/config-str :mb-jetty-ssl-keystore)
-    :key-password   (config/config-str :mb-jetty-ssl-keystore-password)
-    :truststore     (config/config-str :mb-jetty-ssl-truststore)
-    :trust-password (config/config-str :mb-jetty-ssl-truststore-password)
-    :client-auth    (when (config/config-bool :mb-jetty-ssl-client-auth)
-                      :need)}))
+   {:ssl-port        (config/config-int :mb-jetty-ssl-port)
+    :keystore        (config/config-str :mb-jetty-ssl-keystore)
+    :key-password    (config/config-str :mb-jetty-ssl-keystore-password)
+    :truststore      (config/config-str :mb-jetty-ssl-truststore)
+    :trust-password  (config/config-str :mb-jetty-ssl-truststore-password)
+    :client-auth     (when (config/config-bool :mb-jetty-ssl-client-auth)
+                       :need)
+    :sni-host-check? (when (config/config-str :mb-jetty-ssl-insecure)
+                       false)}))

 (defn- jetty-config []
  (cond-> (m/filter-vals
@@ -46,8 +48,7 @@
                                             (merge (jetty-ssl-config)))))

 (defn- log-config [jetty-config]
-  (log/info (trs "Launching Embedded Jetty Webserver with config:")
-            "\n"
+  (log/info "Launching Embedded Jetty Webserver with config:\n"
            (u/pprint-to-str (m/filter-keys
                              #(not (str/includes? % "password"))
                              jetty-config))))

--- a/test/metabase/server_test.clj
+++ b/test/metabase/server_test.clj
@@ -7,18 +7,19 @@
 (deftest config-test
  (testing "Make sure our Jetty config functions work as expected/we don't accidentally break things (#9333)"
    (with-redefs [config/config-str (constantly "10")]
-      (is (= {:keystore       "10"
-              :max-queued     10
+      (is (= {:keystore            "10"
+              :max-queued          10
              :request-header-size 10
-              :port           10
-              :min-threads    10
-              :host           "10"
-              :daemon?        false
-              :ssl?           true
-              :trust-password "10"
-              :key-password   "10"
-              :truststore     "10"
-              :max-threads    10
-              :max-idle-time  10
-              :ssl-port       10}
+              :port                10
+              :min-threads         10
+              :host                "10"
+              :daemon?             false
+              :ssl?                true
+              :sni-host-check?     false
+              :trust-password      "10"
+              :key-password        "10"
+              :truststore          "10"
+              :max-threads         10
+              :max-idle-time       10
+              :ssl-port            10}
             (#'server/jetty-config))))))