mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2025-01-20 15:29:24 +01:00
82ecfa3b32
The change adds no new functionality and aims to move flags definitions to subpackages that are using them. This should improve readability of the main function.
59 lines
1.6 KiB
Go
59 lines
1.6 KiB
Go
package utils
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
// Transport creates http.Transport object based on provided URL.
|
|
// Returns Transport with TLS configuration if URL contains `https` prefix
|
|
func Transport(URL, certFile, keyFile, CAFile, serverName string, insecureSkipVerify bool) (*http.Transport, error) {
|
|
t := http.DefaultTransport.(*http.Transport).Clone()
|
|
if !strings.HasPrefix(URL, "https") {
|
|
return t, nil
|
|
}
|
|
tlsCfg, err := TLSConfig(certFile, keyFile, CAFile, serverName, insecureSkipVerify)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
t.TLSClientConfig = tlsCfg
|
|
return t, nil
|
|
}
|
|
|
|
// TLSConfig creates tls.Config object from provided arguments
|
|
func TLSConfig(certFile, keyFile, CAFile, serverName string, insecureSkipVerify bool) (*tls.Config, error) {
|
|
var certs []tls.Certificate
|
|
if certFile != "" {
|
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("cannot load TLS certificate from `cert_file`=%q, `key_file`=%q: %s", certFile, keyFile, err)
|
|
}
|
|
|
|
certs = []tls.Certificate{cert}
|
|
}
|
|
|
|
var rootCAs *x509.CertPool
|
|
if CAFile != "" {
|
|
pem, err := ioutil.ReadFile(CAFile)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("cannot read `ca_file` %q: %s", CAFile, err)
|
|
}
|
|
|
|
rootCAs = x509.NewCertPool()
|
|
if !rootCAs.AppendCertsFromPEM(pem) {
|
|
return nil, fmt.Errorf("cannot parse data from `ca_file` %q", CAFile)
|
|
}
|
|
}
|
|
|
|
return &tls.Config{
|
|
Certificates: certs,
|
|
InsecureSkipVerify: insecureSkipVerify,
|
|
RootCAs: rootCAs,
|
|
ServerName: serverName,
|
|
}, nil
|
|
}
|