author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-18 09:56:12 +0300 |
---|---|---|
committer | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-18 09:56:12 +0300 |
commit | 82335177a418afc9aeaab9cf117c94f5063fb1b7 (patch) | |
tree | e52a11b2cbad74cfc51459dfc6d862b9bd25beb8 /internal/httptransport | |
parent | 1966ab9bf8592a32a7ff88e1d1439ed80f7f65bb (diff) |
Combine transports to one package
Diffstat (limited to 'internal/httptransport')
-rw-r--r-- | internal/httptransport/transport.go | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/internal/httptransport/transport.go b/internal/httptransport/transport.go
new file mode 100644
index 00000000..207531f4
--- /dev/null
+++ b/internal/httptransport/transport.go
@@ -0,0 +1,56 @@
+package httptransport
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
+ "net"
+ "net/http"
+ "os"
+ "sync"
+
+ log "github.com/sirupsen/logrus"
+)
+
+var (
+ sysPoolOnce = &sync.Once{}
+ sysPool *x509.CertPool
+
+ // Transport can be used with httpclient with TLS and certificates
+ Transport = &http.Transport{
+ DialTLS: func(network, addr string) (net.Conn, error) {
+ return tls.Dial(network, addr, &tls.Config{RootCAs: pool()})
+ },
+ }
+)
+
+// This is here because macOS does not support the SSL_CERT_FILE
+// environment variable. We have arrange things to read SSL_CERT_FILE as
+// late as possible to avoid conflicts with file descriptor passing at
+// startup.
+func pool() *x509.CertPool {
+ sysPoolOnce.Do(loadPool)
+ return sysPool
+}
+
+func loadPool() {
+ sslCertFile := os.Getenv("SSL_CERT_FILE")
+ if sslCertFile == "" {
+ return
+ }
+
+ var err error
+ sysPool, err = x509.SystemCertPool()
+ if err != nil {
+ log.WithError(err).Error("failed to load system cert pool for artifacts client")
+ return
+ }
+
+ certPem, err := ioutil.ReadFile(sslCertFile)
+ if err != nil {
+ log.WithError(err).Error("failed to read SSL_CERT_FILE")
+ return
+ }
+
+ sysPool.AppendCertsFromPEM(certPem)
+} |
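Review bot: In `loadPool` the boolean result of `sysPool.AppendCertsFromPEM(certPem)` is discarded, so an SSL_CERT_FILE with no parseable certificate is accepted silently and the operator only learns of it from later verification failures. I would log that case: `if !sysPool.AppendCertsFromPEM(certPem) { log.Error("no certificates parsed from SSL_CERT_FILE") }`. Separately, `DialTLS` calls `tls.Dial` with no timeout and the `http.Transport` literal sets none either, so a stalled connect or handshake can block indefinitely unless the `http.Client` using it sets its own timeout (not visible here). A bounded dial such as `tls.DialWithDialer(&net.Dialer{Timeout: dialTimeout}, network, addr, &tls.Config{RootCAs: pool()})` covers both phases, with `dialTimeout` a constant you choose. The comment above `pool` should also say that certificates from that file become trust anchors for every connection made through `Transport`, so the file and the process environment must be controlled by trusted users only.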