tlsConfig builds a *tls.Config from the given options.
(insecure bool, certf, keyf string, rootCerts []string)
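// tlsConfig builds a *tls.Config from the given options.
//
// certf and keyf name PEM files holding the certificate and its private key.
// When keyf is empty the key is read from certf, so a single combined PEM
// file works. When certf is empty no certificate is configured (a non-empty
// keyf is still read, but unused). Every file named in rootCerts is parsed
// into a dedicated pool that becomes RootCAs; with no rootCerts, RootCAs
// stays nil.
//
// insecure is copied into InsecureSkipVerify. When it is true, a crypto/tls
// client using this config accepts any certificate chain and host name, so
// RootCAs no longer protects the connection against an on-path attacker.
//
// It returns the os.ReadFile or tls.X509KeyPair error unchanged, or
// errBadCert when a rootCerts entry yields no parsable PEM certificate (an
// empty file name counts as such).
func tlsConfig(insecure bool, certf, keyf string, rootCerts []string) (*tls.Config, error) {
	// Read every named file up front so an unreadable path fails before any
	// parsing happens. Empty names are skipped and therefore never become
	// keys of files.
	files := make(map[string][]byte, 2+len(rootCerts))
	for _, name := range append([]string{certf, keyf}, rootCerts...) {
		if name == "" {
			continue
		}
		data, err := os.ReadFile(name)
		if err != nil {
			return nil, err
		}
		files[name] = data
	}

	// NOTE(review): MinVersion is left at zero, so the protocol floor is
	// whatever the building Go toolchain defaults to. Consider pinning it
	// (e.g. tls.VersionTLS12) once callers are confirmed not to need older
	// protocol versions.
	cfg := &tls.Config{InsecureSkipVerify: insecure}

	if certPEM, ok := files[certf]; ok {
		keyPEM, ok := files[keyf]
		if !ok {
			// No separate key file: expect the key in the certificate file.
			keyPEM = certPEM
		}

		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, err
		}

		// Only one certificate is ever configured here, and crypto/tls
		// selects it without a name map, so the deprecated
		// BuildNameToCertificate call is not needed.
		cfg.Certificates = append(cfg.Certificates, pair)
	}

	if len(rootCerts) > 0 {
		pool := x509.NewCertPool()
		for _, name := range rootCerts {
			// files[name] is nil for an empty name, which fails the append.
			if !pool.AppendCertsFromPEM(files[name]) {
				return nil, errBadCert
			}
		}
		cfg.RootCAs = pool
	}

	return cfg, nil
}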