From 946981ad280a5cb5ec5f13121009e1fdae349b55 Mon Sep 17 00:00:00 2001
From: Cory Bennett <cbennett@netflix.com>
Date: Mon, 4 Nov 2024 15:57:44 -0800
Subject: [PATCH] feat: add coder.tlsAltHost option

This allows using a specific hostname for the TLS connection, this is
useful when the tls cert does not match the hostname of the server which
can be used for testing.
---
 package.json | 5 +++++
 src/api.ts   | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index fdc1d4e4..b2cbe4e5 100644
--- a/package.json
+++ b/package.json
@@ -88,6 +88,11 @@
           "type": "string",
           "default": ""
         },
+        "coder.tlsAltHost": {
+          "markdownDescription": "Alternative hostname to use for TLS verification. This is useful when the hostname in the certificate does not match the hostname used to connect.",
+          "type": "string",
+          "default": ""
+        },
         "coder.proxyLogDirectory": {
           "markdownDescription": "If set, the Coder CLI will output extra SSH information into this directory, which can be helpful for debugging connectivity issues.",
           "type": "string",
diff --git a/src/api.ts b/src/api.ts
index e784ccce..fafeaf56 100644
--- a/src/api.ts
+++ b/src/api.ts
@@ -31,6 +31,7 @@ async function createHttpAgent(): Promise<ProxyAgent> {
   const certFile = expandPath(String(cfg.get("coder.tlsCertFile") ?? "").trim())
   const keyFile = expandPath(String(cfg.get("coder.tlsKeyFile") ?? "").trim())
   const caFile = expandPath(String(cfg.get("coder.tlsCaFile") ?? "").trim())
+  const altHost = expandPath(String(cfg.get("coder.tlsAltHost") ?? "").trim())
 
   return new ProxyAgent({
     // Called each time a request is made.
@@ -41,6 +42,7 @@ async function createHttpAgent(): Promise<ProxyAgent> {
     cert: certFile === "" ? undefined : await fs.readFile(certFile),
     key: keyFile === "" ? undefined : await fs.readFile(keyFile),
     ca: caFile === "" ? undefined : await fs.readFile(caFile),
+    servername: altHost === "" ? undefined : altHost,
     // rejectUnauthorized defaults to true, so we need to explicitly set it to
     // false if we want to allow self-signed certificates.
     rejectUnauthorized: !insecure,
@@ -66,7 +68,8 @@ async function getHttpAgent(): Promise<ProxyAgent> {
         e.affectsConfiguration("coder.insecure") ||
         e.affectsConfiguration("coder.tlsCertFile") ||
         e.affectsConfiguration("coder.tlsKeyFile") ||
-        e.affectsConfiguration("coder.tlsCaFile")
+        e.affectsConfiguration("coder.tlsCaFile") ||
+        e.affectsConfiguration("coder.tlsAltHost")
       ) {
         agent = createHttpAgent()
       }

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/398.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/398.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/398.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/398.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>