From 8c668d252ceca818322a044f9868123056445ab4 Mon Sep 17 00:00:00 2001
From: Tomer Froumin <Tomer.TF@gmail.com>
Date: Thu, 17 Sep 2020 09:54:22 +0300
Subject: [PATCH] Added flag to skip hostname verification (#814)

Allow to configure the output to ignore TLS certificates that doesn't match the hostname.
This is necessary when connecting using an IP address instead of a domain or using a self signed certificate.
---
 output_tcp.go | 7 ++++---
 settings.go   | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/output_tcp.go b/output_tcp.go
index f56e6716..cebae95e 100644
--- a/output_tcp.go
+++ b/output_tcp.go
@@ -23,8 +23,9 @@ type TCPOutput struct {
 
 // TCPOutputConfig tcp output configuration
 type TCPOutputConfig struct {
-	Secure bool `json:"output-tcp-secure"`
-	Sticky bool `json:"output-tcp-sticky"`
+	Secure     bool `json:"output-tcp-secure"`
+	Sticky     bool `json:"output-tcp-sticky"`
+	SkipVerify bool `json:"output-tcp-skip-verify"`
 }
 
 // NewTCPOutput constructor for TCPOutput
@@ -124,7 +125,7 @@ func (o *TCPOutput) Write(data []byte) (n int, err error) {
 
 func (o *TCPOutput) connect(address string) (conn net.Conn, err error) {
 	if o.config.Secure {
-		conn, err = tls.Dial("tcp", address, &tls.Config{})
+		conn, err = tls.Dial("tcp", address, &tls.Config{InsecureSkipVerify: o.config.SkipVerify})
 	} else {
 		conn, err = net.Dial("tcp", address)
 	}
diff --git a/settings.go b/settings.go
index 32d71aab..3d91e5d6 100644
--- a/settings.go
+++ b/settings.go
@@ -111,6 +111,7 @@ func init() {
 
 	flag.Var(&Settings.OutputTCP, "output-tcp", "Used for internal communication between Gor instances. Example: \n\t# Listen for requests on 80 port and forward them to other Gor instance on 28020 port\n\tgor --input-raw :80 --output-tcp replay.local:28020")
 	flag.BoolVar(&Settings.OutputTCPConfig.Secure, "output-tcp-secure", false, "Use TLS secure connection. --input-file on another end should have TLS turned on as well.")
+	flag.BoolVar(&Settings.OutputTCPConfig.SkipVerify, "output-tcp-skip-verify", false, "Don't verify hostname on TLS secure connection.")
 	flag.BoolVar(&Settings.OutputTCPConfig.Sticky, "output-tcp-sticky", false, "Use Sticky connection. Request/Response with same ID will be sent to the same connection.")
 	flag.BoolVar(&Settings.OutputTCPStats, "output-tcp-stats", false, "Report TCP output queue stats to console every 5 seconds.")