Fix DNS resolution with host aliases + Fix TLS Verifiy on default transport (#92)

* Fix DNS resolution with host aliases * Disable TLS on the default transport if required
2026-03-29 04:19:56 +00:00 · 2025-04-04 16:09:19 +02:00
parent 6bf1fc059d
commit e10a9fd256
2 changed files with 7 additions and 0 deletions
--- a/4
+++ b/4
@@ -13,11 +13,15 @@ COPY *.go ./

 ARG TARGETOS TARGETARCH
 RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o lk-jwt-service
+# set up nsswitch.conf for Go's "netgo" implementation
+# - https://github.com/golang/go/blob/go1.24.0/src/net/conf.go#L343
+RUN echo 'hosts: files dns' > /etc/nsswitch.conf

 FROM scratch

 COPY --from=builder /proj/lk-jwt-service /lk-jwt-service
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/nsswitch.conf /etc/nsswitch.conf

 EXPOSE 8080

--- a/main.go
+++ b/main.go
@@ -23,6 +23,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"crypto/tls"

 	"time"

@@ -64,6 +65,8 @@ func exchangeOIDCToken(

 	if skipVerifyTLS {
 		log.Printf("!!! WARNING !!! Skipping TLS verification for matrix client connection to %s", token.MatrixServerName)
+		// Disable TLS verification on the default HTTP Transport for the well-known lookup
+		http.DefaultTransport.(*http.Transport).TLSClientConfig  = &tls.Config{ InsecureSkipVerify: true }
 	}
 	client := fclient.NewClient(fclient.WithWellKnownSRVLookups(true), fclient.WithSkipVerify(skipVerifyTLS))