author | Martin Polden <mpolden@mpolden.no> | 2023-04-13 15:21:18 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-04-17 10:31:40 +0200 |
commit | 96d8aae1ec9b4f6130b6b610ce23d2bbdb79298a (patch) | |
tree | f482eaa488eb5d5925b49d665b29c07ab516ef7f /client/go/internal/util/http.go | |
parent | cce3b08cbe1864e80d5b9e57891622706b1d8181 (diff) |
Support TLS in custom target
Diffstat (limited to 'client/go/internal/util/http.go')
-rw-r--r-- | client/go/internal/util/http.go | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/client/go/internal/util/http.go b/client/go/internal/util/http.go
index dcf05ed3a14..8a67b24dffb 100644
--- a/client/go/internal/util/http.go
+++ b/client/go/internal/util/http.go
@@ -4,6 +4,7 @@ package util
 import (
 "context"
 "crypto/tls"
+ "crypto/x509"
 "fmt"
 "net"
 "net/http"
@@ -35,7 +36,7 @@ func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (re
 func (c *defaultHTTPClient) Clone() HTTPClient {
 return CreateClient(c.client.Timeout)
 }
-func SetCertificates(client HTTPClient, certificates []tls.Certificate) {
+func ConfigureTLS(client HTTPClient, certificates []tls.Certificate, caCertificate []byte, trustAll bool) {
 c, ok := client.(*defaultHTTPClient)
 if !ok {
 return
@@ -43,8 +44,14 @@ func SetCertificates(client HTTPClient, certificates []tls.Certificate) {
 var tlsConfig *tls.Config = nil
 if certificates != nil {
 tlsConfig = &tls.Config{
- Certificates: certificates,
- MinVersion: tls.VersionTLS12,
+ Certificates: certificates,
+ MinVersion: tls.VersionTLS12,
+ InsecureSkipVerify: trustAll,
+ }
+ if caCertificate != nil {
+ certs := x509.NewCertPool()
+ certs.AppendCertsFromPEM(caCertificate)
+ tlsConfig.RootCAs = certs
 }
 }
 if tr, ok := c.client.Transport.(*http.Transport); ok {
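Review bot: The boolean result of `certs.AppendCertsFromPEM(caCertificate)` is discarded, so a malformed or non-PEM caCertificate leaves RootCAs as an empty pool and every handshake then fails with an "unknown authority" error that points away from the real misconfiguration; check it and surface it, for example by giving ConfigureTLS an error result and writing `if !certs.AppendCertsFromPEM(caCertificate) { return fmt.Errorf("ca certificate: no valid PEM certificates found") }`. Note also that caCertificate and trustAll are only honored inside the existing `if certificates != nil {` branch, so a custom CA (or trustAll) supplied without a client certificate is silently ignored here, and the ForceHTTP2 hunk below forces clear-text H2C in that same case; if CA-only targets are meant to work, the condition should become `if certificates != nil || caCertificate != nil || trustAll {`. When trustAll is set, InsecureSkipVerify makes RootCAs irrelevant, which deserves a one-line comment on the `InsecureSkipVerify: trustAll,` line. ConfigureTLS's body continues past the end of this hunk.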
@@ -56,19 +63,13 @@ func SetCertificates(client HTTPClient, certificates []tls.Certificate) {
 }
 }
 
-func ForceHTTP2(client HTTPClient, certificates []tls.Certificate) {
+func ForceHTTP2(client HTTPClient, certificates []tls.Certificate, caCertificate []byte, trustAll bool) {
 c, ok := client.(*defaultHTTPClient)
 if !ok {
 return
 }
- var tlsConfig *tls.Config = nil
 var dialFunc func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error)
- if certificates != nil {
- tlsConfig = &tls.Config{
- Certificates: certificates,
- MinVersion: tls.VersionTLS12,
- }
- } else {
+ if certificates == nil {
 // No certificate, so force H2C (HTTP/2 over clear-text) by using a non-TLS Dialer
 dialer := net.Dialer{}
 dialFunc = func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
@@ -80,10 +81,10 @@ func ForceHTTP2(client HTTPClient, certificates []tls.Certificate) {
 // https://github.com/golang/go/issues/16582
 // https://github.com/golang/go/issues/22091
 c.client.Transport = &http2.Transport{
- AllowHTTP: true,
- TLSClientConfig: tlsConfig,
- DialTLSContext: dialFunc,
+ AllowHTTP: true,
+ DialTLSContext: dialFunc,
 }
+ ConfigureTLS(client, certificates, caCertificate, trustAll)
 }
 
 func CreateClient(timeout time.Duration) HTTPClient { |
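Review bot: `ConfigureTLS(client, certificates, caCertificate, trustAll)` now runs after `c.client.Transport` has been replaced with a `*http2.Transport`, but the visible part of ConfigureTLS installs its tlsConfig only through the `c.client.Transport.(*http.Transport)` assertion; unless the tail of ConfigureTLS (outside the hunks shown) also handles `*http2.Transport`, the client certificates that the removed `TLSClientConfig: tlsConfig` used to install are no longer applied, which would be a silent mTLS regression rather than an error. Worth pinning with a test that a ForceHTTP2 client built with certificates ends up with a non-nil TLSClientConfig on its transport. The ordering is also load-bearing and deserves a comment on the call, e.g. `// Must run after the transport is replaced: ConfigureTLS mutates c.client.Transport in place`. ForceHTTP2 begins in the preceding hunk and the part of its body between the two hunks is not shown here.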