hub / github.com/caddyserver/caddy / makeTLSClientConfig

Method makeTLSClientConfig

modules/caddytls/capools.go:592–632  ·  modules/caddytls/capools.go::TLSConfig.makeTLSClientConfig

MakeTLSClientConfig returns a tls.Config usable by a client to a backend. If there is no custom TLS configuration, a nil config may be returned.

(ctx caddy.Context)

Source from the content-addressed store, hash-verified

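// makeTLSClientConfig returns a tls.Config usable by a client to a backend.
// If there is no custom TLS configuration, a nil config (with a nil error)
// is returned.
//
// An error is returned when the CA module cannot be loaded, when the loaded
// module does not implement CA, or when t.Renegotiation is not one of
// "never", "", "once" or "freely".
func (t *TLSConfig) makeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) {
	// Use the replacer carried by the context when there is one; otherwise
	// fall back to a fresh replacer.
	repl, ok := ctx.Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
	if !ok || repl == nil {
		repl = caddy.NewReplacer()
	}
	cfg := new(tls.Config)

	if t.CARaw != nil {
		caRaw, err := ctx.LoadModule(t, "CARaw")
		if err != nil {
			return nil, err
		}
		// A loaded module that does not implement CA is a configuration
		// error; report it instead of panicking on the type assertion.
		ca, ok := caRaw.(CA)
		if !ok {
			return nil, fmt.Errorf("loaded module of type %T does not implement CA", caRaw)
		}
		// NOTE(review): a nil pool leaves RootCAs nil, and crypto/tls then
		// verifies against the host's root set rather than the configured
		// CAs. Confirm that CertPool never returns nil.
		cfg.RootCAs = ca.CertPool()
	}

	// Renegotiation: the empty string is treated as "never", the most
	// restrictive level. "once" and "freely" let the remote server request
	// renegotiation once or repeatedly per connection.
	switch t.Renegotiation {
	case "never", "":
		cfg.Renegotiation = tls.RenegotiateNever
	case "once":
		cfg.Renegotiation = tls.RenegotiateOnceAsClient
	case "freely":
		cfg.Renegotiation = tls.RenegotiateFreelyAsClient
	default:
		return nil, fmt.Errorf("invalid TLS renegotiation level: %v", t.Renegotiation)
	}

	// Override for the server name used to verify the TLS handshake.
	// NOTE(review): cfg was created just above and nothing has set
	// cfg.ServerName, so the replacer always receives "" and no override is
	// applied. Presumably the value configured on t was meant as the input.
	// Confirm against the TLSConfig definition.
	cfg.ServerName = repl.ReplaceKnown(cfg.ServerName, "")

	// InsecureSkipVerify makes the client accept any certificate chain and
	// host name, so the backend is not authenticated at all. It also makes
	// the config non-empty, so it takes effect even with no CA configured.
	cfg.InsecureSkipVerify = t.InsecureSkipVerify

	// Only return a config if it differs from the zero value. "never"
	// renegotiation and a false InsecureSkipVerify are both zero values,
	// so they do not by themselves produce a config.
	if reflect.DeepEqual(cfg, new(tls.Config)) {
		return nil, nil
	}

	return cfg, nil
}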
633
634// The HTTPCertPool fetches the trusted root certificates from HTTP(S)
635// endpoints. The TLS connection properties can be customized, including custom

Callers 1

ProvisionMethod · 0.80

Calls 4

LoadModuleMethod · 0.80
ReplaceKnownMethod · 0.80
CertPoolMethod · 0.65
ValueMethod · 0.45

Tested by

no test coverage detected