Unable to disable TLS verification

[cpatrickalves]

Wave SDK Version, OS

1.1.2, Linux/Docker

Actual behavior

I have a Keycloak service that I want to use to authenticate users on a Wave app.
I've tried different combinations of -no-tls-verify and H2O_WAVE_NO_TLS_VERIFY=true with no success.

panic: failed connecting to OIDC provider: Get "https://keycloak.xxxx/realms/xxxx/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority

Expected behavior

Should not compliant about the certificate

Steps To Reproduce

Build a Docker image and start the Waved service with the following script:

#!/usr/bin/env bash

set -e

export H2O_WAVE_NO_TLS_VERIFY=true
export H2O_WAVE_OIDC_CLIENT_ID=plataforma-xxxx
export H2O_WAVE_OIDC_CLIENT_SECRET=xxxx
export H2O_WAVE_OIDC_PROVIDER_URL=https://keycloak.xxxx/realms/xxxx
export H2O_WAVE_OIDC_REDIRECT_URL=http://localhost:10101/_auth/callback
export H2O_WAVE_OIDC_END_SESSION_URL=https://keycloak.xxxx/realms/xxxx/protocol/openid-connect/logout
export H2O_WAVE_ADDRESS="http://127.0.0.1:${PORT}"

export
printf '\n$ ( cd %s && ./waved -listen ":%s"  & )\n\n' "${WAVE_PATH}" "${PORT}"
(cd "${WAVE_PATH}" && ./waved  -listen ":${PORT}"& )

sleep 6

printf '\n$ wave run --no-reload --no-autostart %s\n\n' "$PYTHON_MODULE"

exec wave run --no-reload --no-autostart "$PYTHON_MODULE"

I've also tried:
(cd "${WAVE_PATH}" && ./waved -no-tls-verify -listen ":${PORT}"& )
export H2O_WAVE_NO_TLS_VERIFY=t
export H2O_WAVE_NO_TLS_VERIFY=1

[mturoci]

Hm... can you try using http as endpoint URL instead? export H2O_WAVE_OIDC_PROVIDER_URL=http://keycloak.xxxx/realms/xxxx

[cpatrickalves]

Its hard to test, because the keycloak server will enforce https (redirect HTTP to HTTPS)

[cpatrickalves]

I've added the certificate file on wave container and that solves my problem.