| 74 | } |
| 75 | |
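// buildTransportCredentials returns the gRPC transport credentials selected by
// the command's TLS settings.
//
// When cmd.TLS is false it returns insecure credentials and never reads
// cmd.TLSCA or cmd.TLSServerName. Otherwise it returns TLS credentials that
// verify the server against the system root pool plus, when cmd.TLSCA is set,
// the PEM certificates found in that file.
//
// An error is returned if the system pool cannot be loaded, the CA file cannot
// be read, or the CA file yields no usable certificate.
func (cmd *redactCmd) buildTransportCredentials() (credentials.TransportCredentials, error) {
	if !cmd.TLS {
		// Plaintext path: no encryption and no server authentication.
		// cmd.TLSCA and cmd.TLSServerName are silently ignored here, so a
		// caller that sets them without enabling TLS still gets an
		// unprotected channel.
		// NOTE(review): consider warning or rejecting that combination at
		// flag-validation time; not changed here to keep behavior compatible.
		return insecure.NewCredentials(), nil
	}

	roots, err := x509.SystemCertPool()
	if err != nil {
		return nil, fmt.Errorf("loading system cert pool: %w", err)
	}
	if roots == nil {
		// Defensive fallback: start from an empty pool rather than handing a
		// nil pool to the TLS config.
		roots = x509.NewCertPool()
	}

	if cmd.TLSCA != "" {
		caPEM, err := os.ReadFile(cmd.TLSCA)
		if err != nil {
			return nil, fmt.Errorf("reading CA cert %q: %w", cmd.TLSCA, err)
		}
		// The custom CA is added to the system roots, not substituted for
		// them: a server chaining to any system-trusted CA is still accepted.
		// This does not pin the connection to the private CA.
		if !roots.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("no valid certificates found in %q", cmd.TLSCA)
		}
	}

	// MinVersion is pinned explicitly so the protocol floor does not depend on
	// toolchain or library defaults. InsecureSkipVerify is left unset, so
	// chain and hostname verification stay enabled.
	// An empty ServerName is passed through unchanged; presumably the gRPC
	// credentials then verify against the dial target's authority (confirm
	// against the grpc-go version in use).
	return credentials.NewTLS(&tls.Config{
		ServerName: cmd.TLSServerName,
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
	}), nil
}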
| 104 | |
| 105 | // parseTraceIDs converts a slice of hex trace ID strings to raw byte slices. |
| 106 | func parseTraceIDs(hexIDs []string) ([][]byte, error) { |