Commit 5f96fb81 authored by Nandor Kracser's avatar Nandor Kracser

CAFile is now optional, in that case the default RootCAs are used

parent 42ede7f6
...@@ -50,7 +50,7 @@ func (g *httpGetter) Get(href string) (*bytes.Buffer, error) { ...@@ -50,7 +50,7 @@ func (g *httpGetter) Get(href string) (*bytes.Buffer, error) {
// newHTTPGetter constructs a valid http/https client as Getter // newHTTPGetter constructs a valid http/https client as Getter
func newHTTPGetter(URL, CertFile, KeyFile, CAFile string) (Getter, error) { func newHTTPGetter(URL, CertFile, KeyFile, CAFile string) (Getter, error) {
var client httpGetter var client httpGetter
if CertFile != "" && KeyFile != "" && CAFile != "" { if CertFile != "" && KeyFile != "" {
tlsConf, err := tlsutil.NewClientTLS(CertFile, KeyFile, CAFile) tlsConf, err := tlsutil.NewClientTLS(CertFile, KeyFile, CAFile)
if err != nil { if err != nil {
return nil, fmt.Errorf("can't create TLS config for client: %s", err.Error()) return nil, fmt.Errorf("can't create TLS config for client: %s", err.Error())
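Review bot: The new guard `if CertFile != "" && KeyFile != "" {` still appears to skip TLS setup entirely when a caller supplies only CAFile, so a CA given for pinning would be silently ignored and the server checked against the default roots. The same silent skip applies when only one of CertFile and KeyFile is set. Consider honouring the CA on its own by widening the guard to `if (CertFile != "" && KeyFile != "") || CAFile != "" {`, which would also need NewClientTLS to skip loading the key pair when both paths are empty, or return an error for the partial combinations. The body of newHTTPGetter continues past this hunk, so this may already be handled further down; if not, a test for the CA-only input would pin the behaviour.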
......
...@@ -29,14 +29,17 @@ func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) { ...@@ -29,14 +29,17 @@ func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
config := tls.Config{
Certificates: []tls.Certificate{*cert},
}
if caFile != "" {
cp, err := CertPoolFromFile(caFile) cp, err := CertPoolFromFile(caFile)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &tls.Config{ config.RootCAs = cp
Certificates: []tls.Certificate{*cert}, }
RootCAs: cp, return &config, nil
}, nil
} }
// CertPoolFromFile returns an x509.CertPool containing the certificates // CertPoolFromFile returns an x509.CertPool containing the certificates
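Review bot: The fallback for an empty caFile is not documented where callers will look for it: `config.RootCAs` stays nil, and crypto/tls then verifies the server against the host's root CA set, a much wider trust anchor than a single CA file. The doc comment on NewClientTLS sits above this hunk and is not visible here; it should state the rule, for example `// If caFile is empty, RootCAs is left nil and the host's root CA set is used to verify the server.` That tells callers who rely on a private CA that passing an empty string drops the restriction without an error.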
......