(ctx context.Context, authority string, rawConn net.Conn)
| 121 | } |
| 122 | |
// ClientHandshake performs the client side of a TLS handshake on rawConn
// using key material fetched from c.provider for this call.
//
// The provider is queried on every handshake and a new tls.Config is built
// each time, so the certificates and trust anchors used are whatever the
// provider returns at that moment. A provider error is returned unchanged and
// no handshake is attempted.
//
// Peer verification depends on the key material:
//
//   - SPIFFEBundleMap set: the standard library's own certificate
//     verification is disabled and the callback from buildSPIFFEVerifyFunc is
//     the only check on the server certificate.
//   - SPIFFEBundleMap nil: the standard library verifies the server chain
//     against km.Roots.
//
// The handshake itself is delegated to credentials.NewTLS.
func (c *reloadingCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
	km, err := c.provider.KeyMaterial(ctx)
	if err != nil {
		return nil, nil, err
	}

	// Both verification modes present the same client certificates.
	cfg := &tls.Config{Certificates: km.Certs}

	if km.SPIFFEBundleMap == nil {
		// Standard X.509 path: crypto/tls validates the peer chain against
		// the provider's roots.
		cfg.RootCAs = km.Roots
	} else {
		// InsecureSkipVerify switches off crypto/tls's built-in chain and
		// server-name verification, so authentication of the peer in this
		// branch rests entirely on the VerifyPeerCertificate callback.
		// NOTE(review): buildSPIFFEVerifyFunc is not visible here. Confirm it
		// never returns nil and that it fails closed (empty chain, unknown
		// trust domain, missing or malformed SPIFFE ID); a nil callback
		// combined with InsecureSkipVerify would accept any certificate.
		// crypto/tls does not invoke VerifyPeerCertificate on resumed
		// sessions. No ClientSessionCache is set on this config; if one is
		// ever added, the check belongs in VerifyConnection instead.
		cfg.InsecureSkipVerify = true
		cfg.VerifyPeerCertificate = buildSPIFFEVerifyFunc(km.SPIFFEBundleMap)
	}

	return credentials.NewTLS(cfg).ClientHandshake(ctx, authority, rawConn)
}
| 143 | |
| 144 | func (c *reloadingCreds) Info() credentials.ProtocolInfo { |
| 145 | return credentials.ProtocolInfo{SecurityProtocol: "tls"} |