| 1429 | } |
| 1430 | |
// TlsConfig assembles the server-side TLS configuration from the options.
//
// Resolution order:
//  1. A non-nil o.ProxyTLS is returned unchanged. TLSMinVersion, TLSClientAuth
//     and CipherSuites are NOT applied to it, so a caller supplying ProxyTLS
//     is responsible for its hardening.
//  2. With no certificate path, no key path and no certificate registry, TLS
//     is not configured and (nil, nil) is returned.
//  3. Otherwise a new tls.Config is built from the options, optionally wired to
//     the registry for per-handshake certificate selection, and populated with
//     the key pairs named by the comma-separated CertPathTLS and KeyPathTLS.
//
// An error is returned when the number of certificate paths differs from the
// number of key paths, or when a key pair cannot be loaded.
func (o *Options) TlsConfig(cr *certregistry.CertRegistry) (*tls.Config, error) {
	if o.ProxyTLS != nil {
		return o.ProxyTLS, nil
	}

	noStaticKeyPairs := o.CertPathTLS == "" && o.KeyPathTLS == ""
	if noStaticKeyPairs && cr == nil {
		return nil, nil
	}

	// A zero TLSMinVersion leaves the protocol floor to the crypto/tls default
	// of the Go toolchain in use, and a zero TLSClientAuth means no client
	// certificate is requested. A nil CipherSuites likewise keeps the library
	// defaults, so it can be copied unconditionally.
	tlsCfg := &tls.Config{
		MinVersion:   o.TLSMinVersion,
		ClientAuth:   o.TLSClientAuth,
		CipherSuites: o.CipherSuites,
	}

	// Only install the callback when a registry exists: a non-nil
	// GetCertificate changes how crypto/tls selects certificates.
	if cr != nil {
		tlsCfg.GetCertificate = cr.GetCertFromHello
	}

	if noStaticKeyPairs {
		return tlsCfg, nil
	}

	certPaths := strings.Split(o.CertPathTLS, ",")
	keyPaths := strings.Split(o.KeyPathTLS, ",")

	// Splitting an empty string yields a single empty element, so setting only
	// one of the two options usually passes this count check and fails in
	// LoadX509KeyPair below instead.
	if len(certPaths) != len(keyPaths) {
		return nil, fmt.Errorf("number of certificates does not match number of keys")
	}

	// Certificates and keys are paired by position. Entries are used verbatim;
	// whitespace around the commas is not trimmed.
	for idx, certPath := range certPaths {
		keyPath := keyPaths[idx]

		pair, loadErr := tls.LoadX509KeyPair(certPath, keyPath)
		if loadErr != nil {
			return nil, fmt.Errorf("failed to load X509 keypair from %s and %s: %w", certPath, keyPath, loadErr)
		}

		tlsCfg.Certificates = append(tlsCfg.Certificates, pair)
	}

	return tlsCfg, nil
}
| 1475 | |
| 1476 | func (o *Options) openTracingTracerInstance() (ot.Tracer, error) { |
| 1477 | if o.OpenTracingTracer != nil { |