gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorTuomo Ala-Vannesluoma <tuomoav@gmail.com>2018-06-18 20:21:29 +0300
committerTuomo Ala-Vannesluoma <tuomoav@gmail.com>2018-06-30 22:51:43 +0300
commit50d85895b5a742671bdf90adc8ab2d9c37e8a709 (patch)
treec264cd57ccfaf5717766d063f8705ff8eee09ba6 /internal/auth
parentc3dc6f13f26ca57862afc9a7e1be6d4392021f87 (diff)
Add transport to auth as well
Diffstat (limited to 'internal/auth')
-rw-r--r--internal/auth/auth.go5
-rw-r--r--internal/auth/transport.go55
2 files changed, 59 insertions, 1 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 0278dcbe..c8022f2c 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -278,6 +278,9 @@ func New(pagesDomain string, storeSecret string, clientID string, clientSecret s
redirectURI: redirectURI,
gitLabServer: strings.TrimRight(gitLabServer, "/"),
store: store,
- apiClient: &http.Client{Timeout: 5 * time.Second},
+ apiClient: &http.Client{
+ Timeout: 5 * time.Second,
+ Transport: transport,
+ },
}
}
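Review bot: Assigning `Transport: transport` here means the API client no longer falls back to http.DefaultTransport, so it stops honouring the proxy environment variables and loses the default dialer and idle-connection timeouts; the transport literal added in internal/auth/transport.go sets only `DialTLS`. If any deployment reaches GitLab through an egress proxy this is a behaviour change, and it deserves at least a comment on the field such as `// custom transport: SSL_CERT_FILE roots, no proxy support, see transport.go`. The 5-second client timeout still bounds each request, but `tls.Dial` has no dialer timeout of its own, so a dial to an unreachable host can outlive the request; `tls.DialWithDialer` with a `net.Dialer{Timeout: ...}` would bound it. The body of New starts outside this hunk.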
diff --git a/internal/auth/transport.go b/internal/auth/transport.go
new file mode 100644
index 00000000..c8682ba2
--- /dev/null
+++ b/internal/auth/transport.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
+ "net"
+ "net/http"
+ "os"
+ "sync"
+
+ log "github.com/sirupsen/logrus"
+)
+
+var (
+ sysPoolOnce = &sync.Once{}
+ sysPool *x509.CertPool
+
+ transport = &http.Transport{
+ DialTLS: func(network, addr string) (net.Conn, error) {
+ return tls.Dial(network, addr, &tls.Config{RootCAs: pool()})
+ },
+ }
+)
+
+// This is here because macOS does not support the SSL_CERT_FILE
+// environment variable. We have arrange things to read SSL_CERT_FILE as
+// late as possible to avoid conflicts with file descriptor passing at
+// startup.
+func pool() *x509.CertPool {
+ sysPoolOnce.Do(loadPool)
+ return sysPool
+}
+
+func loadPool() {
+ sslCertFile := os.Getenv("SSL_CERT_FILE")
+ if sslCertFile == "" {
+ return
+ }
+
+ var err error
+ sysPool, err = x509.SystemCertPool()
+ if err != nil {
+ log.WithError(err).Error("failed to load system cert pool for artifacts client")
+ return
+ }
+
+ certPem, err := ioutil.ReadFile(sslCertFile)
+ if err != nil {
+ log.WithError(err).Error("failed to read SSL_CERT_FILE")
+ return
+ }
+
+ sysPool.AppendCertsFromPEM(certPem)
+}
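Review bot: In loadPool the boolean returned by `sysPool.AppendCertsFromPEM(certPem)` is discarded, so an SSL_CERT_FILE that parses to zero certificates is accepted silently and shows up only later as a certificate verification failure on the calls to GitLab. Checking it, `if !sysPool.AppendCertsFromPEM(certPem) { log.Error("no certificates found in SSL_CERT_FILE") }`, reports the misconfiguration where it happens. The first error message says "artifacts client" although this is the auth package, which will mislead anyone reading the log. This pool decides which CAs are trusted for the auth API client (presumably the connection that carries the OAuth client secret), so the comment on `pool` should state that whoever controls SSL_CERT_FILE or the file it names controls the trust anchors. It should also state that every failure path leaves `RootCAs` nil or at the system pool rather than disabling verification.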