(cfg *Config)
| 107 | } |
| 108 | |
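// createHTTPClient builds the HTTP client described by cfg.
//
// When cfg.TLSEnabled is false the shared http.DefaultClient is returned
// unchanged. Otherwise a client whose transport carries a tls.Config
// assembled from cfg.TLS is returned: an optional CA bundle (RootCAs),
// an optional client certificate/key pair, an optional minimum protocol
// version (looked up in tlsVersions) and an optional comma-separated
// cipher-suite list (resolved by mapCipherNamesToIDs).
//
// An error is returned when a referenced file cannot be read, the CA file
// contains no parsable certificate, the key pair cannot be loaded, or a
// version or cipher-suite name is unknown. File and key-pair errors wrap
// the underlying cause with %w so callers can inspect it with errors.Is
// and errors.As.
func createHTTPClient(cfg *Config) (*http.Client, error) {
	if !cfg.TLSEnabled {
		return http.DefaultClient, nil
	}

	config := &tls.Config{
		// Passed straight through from config; true disables server
		// certificate verification for this client.
		InsecureSkipVerify: cfg.TLS.InsecureSkipVerify,
		ServerName:         cfg.TLS.ServerName,
	}

	// Read CA certificates; a pool set here is used instead of the system roots.
	if cfg.TLS.CAPath != "" {
		caCert, err := os.ReadFile(cfg.TLS.CAPath)
		if err != nil {
			return nil, fmt.Errorf("error opening %s CA: %w", cfg.TLS.CAPath, err)
		}
		caCertPool := x509.NewCertPool()
		// AppendCertsFromPEM returns false when no certificate could be
		// parsed; continuing would install an empty pool and make every
		// connection fail later with a far less helpful error.
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return nil, fmt.Errorf("no valid certificates found in %s CA", cfg.TLS.CAPath)
		}
		config.RootCAs = caCertPool
	}

	// Read the client certificate; either path being set means a pair is expected,
	// and LoadX509KeyPair reports the missing half.
	if cfg.TLS.CertPath != "" || cfg.TLS.KeyPath != "" {
		clientCert, err := tls.LoadX509KeyPair(cfg.TLS.CertPath, cfg.TLS.KeyPath)
		if err != nil {
			return nil, fmt.Errorf("error opening %s , %s cert: %w", cfg.TLS.CertPath, cfg.TLS.KeyPath, err)
		}
		config.Certificates = []tls.Certificate{clientCert}
	}

	if cfg.TLS.MinVersion != "" {
		minVersion, ok := tlsVersions[cfg.TLS.MinVersion]
		if !ok {
			return nil, fmt.Errorf("unknown minimum TLS version: %q", cfg.TLS.MinVersion)
		}
		config.MinVersion = minVersion
	}

	if cfg.TLS.CipherSuites != "" {
		// Spaces around the comma-separated names are tolerated.
		cleanedCipherSuiteNames := strings.ReplaceAll(cfg.TLS.CipherSuites, " ", "")
		cipherSuitesNames := strings.Split(cleanedCipherSuiteNames, ",")
		cipherSuites, err := mapCipherNamesToIDs(cipherSuitesNames)
		if err != nil {
			return nil, err
		}
		config.CipherSuites = cipherSuites
	}

	transport := &http.Transport{TLSClientConfig: config}
	return &http.Client{Transport: transport}, nil
}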
| 159 | |
| 160 | func mapCipherNamesToIDs(cipherSuiteNames []string) ([]uint16, error) { |
| 161 | cipherSuites := []uint16{} |