(options ...TLSConfigOption)
| 82 | } |
| 83 | |
| 84 | func NewTLSConfig(options ...TLSConfigOption) (*tls.Config, error) { |
| 85 | to := TLSConfigOptions{} |
| 86 | |
| 87 | errs := []error{} |
| 88 | for _, option := range options { |
| 89 | err := option(&to) |
| 90 | if err != nil { |
| 91 | errs = append(errs, err) |
| 92 | } |
| 93 | } |
| 94 | |
| 95 | if len(errs) > 0 { |
| 96 | return nil, errors.Join(errs...) |
| 97 | } |
| 98 | |
| 99 | config := tls.Config{ |
| 100 | InsecureSkipVerify: to.insecureSkipTLSVerify, |
| 101 | } |
| 102 | |
| 103 | if len(to.certPEMBlock) > 0 && len(to.keyPEMBlock) > 0 { |
| 104 | cert, err := tls.X509KeyPair(to.certPEMBlock, to.keyPEMBlock) |
| 105 | if err != nil { |
| 106 | return nil, fmt.Errorf("unable to load cert from key pair: %w", err) |
| 107 | } |
| 108 | |
| 109 | config.Certificates = []tls.Certificate{cert} |
| 110 | } |
| 111 | |
| 112 | if len(to.caPEMBlock) > 0 { |
| 113 | cp := x509.NewCertPool() |
| 114 | if !cp.AppendCertsFromPEM(to.caPEMBlock) { |
| 115 | return nil, errors.New("failed to append certificates from pem block") |
| 116 | } |
| 117 | |
| 118 | config.RootCAs = cp |
| 119 | } |
| 120 | |
| 121 | return &config, nil |
| 122 | } |
no outgoing calls
searching dependent graphs…