| 1234567891011121314151617181920212223242526272829303132333435 |
- package flocker
- import (
- "crypto/tls"
- "crypto/x509"
- "io/ioutil"
- "net/http"
- )
- // newTLSClient returns a new TLS http client
- func newTLSClient(caCertPath, keyPath, certPath string) (*http.Client, error) {
- // Client certificate
- cert, err := tls.LoadX509KeyPair(certPath, keyPath)
- if err != nil {
- return nil, err
- }
- // CA certificate
- caCert, err := ioutil.ReadFile(caCertPath)
- if err != nil {
- return nil, err
- }
- caCertPool := x509.NewCertPool()
- caCertPool.AppendCertsFromPEM(caCert)
- tlsConfig := &tls.Config{
- Certificates: []tls.Certificate{cert},
- RootCAs: caCertPool,
- }
- tlsConfig.BuildNameToCertificate()
- transport := &http.Transport{TLSClientConfig: tlsConfig}
- return &http.Client{Transport: transport}, nil
- }
|
