author | Jacob Vosmaer (GitLab) <jacob@gitlab.com> | 2018-03-23 20:23:57 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-03-23 20:23:57 +0300 |
commit | 868847435212d6e81fcbdbf816efb657c11bcdfb (patch) | |
tree | 0634baf294a7fba8894f0ce6d16847dab57a967d | |
parent | fdc449b9d23b23c8b5efaf83f6681b5ef75cb58f (diff) |
Fix SSL artifacts requests on macos
-rw-r--r-- | internal/artifact/artifact.go | 5 | ||||
-rw-r--r-- | internal/artifact/transport.go | 55 |
2 files changed, 59 insertions, 1 deletions
diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go
index 100ec90d..9a23e269 100644
--- a/internal/artifact/artifact.go
+++ b/internal/artifact/artifact.go
@@ -41,7 +41,10 @@ func New(server string, timeoutSeconds int, pagesDomain string) *Artifact {
 return &Artifact{
 server: strings.TrimRight(server, "/"),
 suffix: "." + strings.ToLower(pagesDomain),
- client: &http.Client{Timeout: time.Second * time.Duration(timeoutSeconds)},
+ client: &http.Client{
+ Timeout: time.Second * time.Duration(timeoutSeconds),
+ Transport: transport,
+ },
 }
 }
 
diff --git a/internal/artifact/transport.go b/internal/artifact/transport.go
new file mode 100644
index 00000000..da182df6
--- /dev/null
+++ b/internal/artifact/transport.go
@@ -0,0 +1,55 @@
+package artifact
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
+ "net"
+ "net/http"
+ "os"
+ "sync"
+
+ log "github.com/sirupsen/logrus"
+)
+
+var (
+ sysPoolOnce = &sync.Once{}
+ sysPool *x509.CertPool
+
+ transport = &http.Transport{
+ DialTLS: func(network, addr string) (net.Conn, error) {
+ return tls.Dial(network, addr, &tls.Config{RootCAs: pool()})
+ },
+ }
+)
+
+// This is here because macOS does not support the SSL_CERT_FILE
+// environment variable. We have arrange things to read SSL_CERT_FILE as
+// late as possible to avoid conflicts with file descriptor passing at
+// startup.
+func pool() *x509.CertPool {
+ sysPoolOnce.Do(loadPool)
+ return sysPool
+}
+
+func loadPool() {
+ sslCertFile := os.Getenv("SSL_CERT_FILE")
+ if sslCertFile == "" {
+ return
+ }
+
+ var err error
+ sysPool, err = x509.SystemCertPool()
+ if err != nil {
+ log.WithError(err).Error("failed to load system cert pool for artifacts client")
+ return
+ }
+
+ certPem, err := ioutil.ReadFile(sslCertFile)
+ if err != nil {
+ log.WithError(err).Error("failed to read SSL_CERT_FILE")
+ return
+ }
+
+ sysPool.AppendCertsFromPEM(certPem)
+}
|
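Review bot: Setting `Transport: transport` replaces `http.DefaultTransport` for the artifacts client, and the package-level transport declared in transport.go sets only `DialTLS`, so the defaults that came with the default transport are gone: `Proxy: http.ProxyFromEnvironment`, the dialer connect timeout and keep-alive, `IdleConnTimeout`, `TLSHandshakeTimeout` and `ExpectContinueTimeout`. `Client.Timeout` still bounds each request, but with a zero `IdleConnTimeout` idle connections to the API server are kept until the peer closes them, and any `HTTPS_PROXY` configuration that previously worked will be silently ignored. If either was relied upon in deployments, the transport literal should set those fields explicitly (e.g. `Proxy: http.ProxyFromEnvironment, IdleConnTimeout: 90 * time.Second, TLSHandshakeTimeout: 10 * time.Second`). `New` begins outside the hunk; only its signature is visible in the `@@` context.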
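Review bot: The boolean returned by `sysPool.AppendCertsFromPEM(certPem)` on the last statement of `loadPool` is discarded, so an `SSL_CERT_FILE` that exists but holds no parseable certificate leaves the client on system roots alone without any log line; the read-error path above it falls back the same way, because `sysPool` has already been assigned the system pool before `ReadFile` runs. The operator then sees a generic x509 verification failure on the first artifacts request with nothing pointing at the environment variable. Suggest `if !sysPool.AppendCertsFromPEM(certPem) { log.WithField("file", sslCertFile).Error("no certificates found in SSL_CERT_FILE") }`, and a sentence in the `pool` comment saying that on a verification failure the env var is only appended to, never replaces, the system roots, so a bad file degrades to system trust rather than failing closed — confirm that is the intended semantics. The same comment has a typo: `We have arranged things to read SSL_CERT_FILE as late as possible`.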