add support for skipping tls certificate verification in client-to-server websocket connections

cherry-picked from: #84
credits: https://github.com/Meteorite

closes: #34

Author: Meteorite

README.md

@@ -216,6 +216,14 @@ $ chisel client --help
     the chisel server. Authentication can be specified inside the URL.
     For example, http://admin:[email protected]:8081
 
+    --skip-tls-verification, Don't verify the server's TLS certificate
+    chain and host name (if TLS is used for transport connections to
+    server). If set, client accepts any TLS certificate presented by
+    the server and any host name in that certificate. This influences
+    only transport https (wss) connections. Chisel server's public key
+    may be still verified (see --fingerprint) after inner connection
+    is established.
+
     --hostname, Optionally set the 'Host' header (defaults to the host
     defined in the endpoint url).
 

client/client.go

@@ -2,6 +2,7 @@ package chclient
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
@@ -26,6 +27,7 @@ type Config struct {
 	MaxRetryCount    int
 	MaxRetryInterval time.Duration
 	Server           string
+	SkipTlsVerification bool
 	HTTPProxy        string
 	Remotes          []string
 	HostHeader       string
@@ -199,6 +201,9 @@ func (c *Client) connectionLoop() {
 				return c.httpProxyURL, nil
 			}
 		}
+		if c.config.SkipTlsVerification {
+			d.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		}
 		wsHeaders := http.Header{}
 		if c.config.HostHeader != "" {
 			wsHeaders = http.Header{

main.go

@@ -264,6 +264,14 @@ var clientHelp = `
     the chisel server. Authentication can be specified inside the URL.
     For example, http://admin:[email protected]:8081
 
+    --skip-tls-verification, Don't verify the server's TLS certificate
+    chain and host name (if TLS is used for transport connections to
+    server). If set, client accepts any TLS certificate presented by
+    the server and any host name in that certificate. This influences
+    only transport https (wss) connections. Chisel server's public key
+    may be still verified (see --fingerprint) after inner connection
+    is established.
+
     --hostname, Optionally set the 'Host' header (defaults to the host
     found in the server url).
 ` + commonHelp
@@ -278,6 +286,7 @@ func client(args []string) {
 	maxRetryCount := flags.Int("max-retry-count", -1, "")
 	maxRetryInterval := flags.Duration("max-retry-interval", 0, "")
 	proxy := flags.String("proxy", "", "")
+	skipTlsVerification := flags.Bool("skip-tls-verification", false, "")
 	pid := flags.Bool("pid", false, "")
 	hostname := flags.String("hostname", "", "")
 	verbose := flags.Bool("v", false, "")
@@ -302,6 +311,7 @@ func client(args []string) {
 		MaxRetryInterval: *maxRetryInterval,
 		HTTPProxy:        *proxy,
 		Server:           args[0],
+		SkipTlsVerification: *skipTlsVerification,
 		Remotes:          args[1:],
 		HostHeader:       *hostname,
 	})