Access tls config
parent
f7c4304ac3
commit
ae2ab911ed
@ -144,11 +144,15 @@ func (h *httpBroker) start() error {
|
||||
var err error
|
||||
|
||||
if h.opts.Secure {
|
||||
cert, err := mls.Certificate(h.address)
|
||||
if err != nil {
|
||||
return err
|
||||
config := h.opts.TLSConfig
|
||||
if config == nil {
|
||||
cert, err := mls.Certificate(h.address)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config = &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||
}
|
||||
l, err = tls.Listen("tcp", h.address, &tls.Config{Certificates: []tls.Certificate{cert}})
|
||||
l, err = tls.Listen("tcp", h.address, config)
|
||||
} else {
|
||||
l, err = net.Listen("tcp", h.address)
|
||||
}
|
||||
|
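Review bot: The fallback `tls.Config` built in the `config == nil` branch of `start()` sets only `Certificates`, so the listener's minimum protocol version is whatever the Go toolchain defaults to. Pinning it makes the floor explicit: `config = &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}`. A caller-supplied `h.opts.TLSConfig` is passed to `tls.Listen` unchanged and by pointer, so the option should document that the caller must populate the certificates and must not mutate the config after `start()`. `mls.Certificate` is not shown here; if it generates a self-signed certificate, that deserves a comment on the fallback branch, since peers can then only connect by pinning it or skipping verification. The body of `start()` continues outside the hunk.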
@ -1,11 +1,14 @@
|
||||
package broker
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
Secure bool
|
||||
Secure bool
|
||||
TLSConfig *tls.Config
|
||||
|
||||
// Other options for implementations of the interface
|
||||
// can be stored in a context
|
||||
@ -71,3 +74,10 @@ func Secure(b bool) Option {
|
||||
o.Secure = b
|
||||
}
|
||||
}
|
||||
|
||||
// Specify TLS Config
|
||||
func TLSConfig(t *tls.Config) Option {
|
||||
return func(o *Options) {
|
||||
o.TLSConfig = t
|
||||
}
|
||||
}
|
||||
|
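Review bot: The doc comment on the new `TLSConfig` option does not start with the function name and does not say when the value is used. In the broker hunk above it is read only when `Secure` is set, and a nil value makes the HTTP broker create its own certificate. Suggested wording: `// TLSConfig sets the TLS configuration used when Secure is enabled; if nil, the implementation chooses a default.` The new `TLSConfig *tls.Config` field in `Options` has no comment either and could carry the same sentence. The identical option added to the registry package further down needs the same fix, with the extra note that the Consul registry's default skips certificate verification.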
@ -19,7 +19,13 @@ type consulRegistry struct {
|
||||
Options Options
|
||||
}
|
||||
|
||||
func newTransport() *http.Transport {
|
||||
func newTransport(config *tls.Config) *http.Transport {
|
||||
if config == nil {
|
||||
config = &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
}
|
||||
|
||||
t := &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
Dial: (&net.Dialer{
|
||||
@ -27,9 +33,7 @@ func newTransport() *http.Transport {
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).Dial,
|
||||
TLSHandshakeTimeout: 10 * time.Second,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
TLSClientConfig: config,
|
||||
}
|
||||
runtime.SetFinalizer(&t, func(tr **http.Transport) {
|
||||
(*tr).CloseIdleConnections()
|
||||
@ -120,7 +124,7 @@ func newConsulRegistry(addrs []string, opts ...Option) Registry {
|
||||
if opt.Secure {
|
||||
config.Scheme = "https"
|
||||
// We're going to support InsecureSkipVerify
|
||||
config.HttpClient.Transport = newTransport()
|
||||
config.HttpClient.Transport = newTransport(opt.TLSConfig)
|
||||
}
|
||||
|
||||
// create the client
|
||||
|
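Review bot: `newTransport` still falls back to `InsecureSkipVerify: true` when `config` is nil, so `Secure(true)` without a `TLSConfig` yields an HTTPS connection to Consul that accepts any certificate and gives no protection against an on-path party. Now that callers can pass their own config, the nil default could verify against the system roots instead: `if config == nil { config = &tls.Config{} }`, which leaves skipped verification as an explicit choice made through `TLSConfig(...)`. If the insecure default has to stay for compatibility, the comment `// We're going to support InsecureSkipVerify` in `newConsulRegistry` should say that verification is disabled unless a TLS config is supplied. Both functions continue outside the hunks shown.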
@ -1,14 +1,16 @@
|
||||
package registry
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
Timeout time.Duration
|
||||
Secure bool
|
||||
Timeout time.Duration
|
||||
Secure bool
|
||||
TLSConfig *tls.Config
|
||||
|
||||
// Other options for implementations of the interface
|
||||
// can be stored in a context
|
||||
@ -27,3 +29,10 @@ func Secure(b bool) Option {
|
||||
o.Secure = b
|
||||
}
|
||||
}
|
||||
|
||||
// Specify TLS Config
|
||||
func TLSConfig(t *tls.Config) Option {
|
||||
return func(o *Options) {
|
||||
o.TLSConfig = t
|
||||
}
|
||||
}
|
||||
|