Access tls config

This commit is contained in:
Asim 2016-01-16 23:39:47 +00:00
parent f7c4304ac3
commit ae2ab911ed
4 changed files with 39 additions and 12 deletions

View File

@ -144,11 +144,15 @@ func (h *httpBroker) start() error {
var err error var err error
if h.opts.Secure { if h.opts.Secure {
config := h.opts.TLSConfig
if config == nil {
cert, err := mls.Certificate(h.address) cert, err := mls.Certificate(h.address)
if err != nil { if err != nil {
return err return err
} }
l, err = tls.Listen("tcp", h.address, &tls.Config{Certificates: []tls.Certificate{cert}}) config = &tls.Config{Certificates: []tls.Certificate{cert}}
}
l, err = tls.Listen("tcp", h.address, config)
} else { } else {
l, err = net.Listen("tcp", h.address) l, err = net.Listen("tcp", h.address)
} }

View File

@ -1,11 +1,14 @@
package broker package broker
import ( import (
"crypto/tls"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
type Options struct { type Options struct {
Secure bool Secure bool
TLSConfig *tls.Config
// Other options for implementations of the interface // Other options for implementations of the interface
// can be stored in a context // can be stored in a context
@ -71,3 +74,10 @@ func Secure(b bool) Option {
o.Secure = b o.Secure = b
} }
} }
// Specify TLS Config
func TLSConfig(t *tls.Config) Option {
return func(o *Options) {
o.TLSConfig = t
}
}

View File

@ -19,7 +19,13 @@ type consulRegistry struct {
Options Options Options Options
} }
func newTransport() *http.Transport { func newTransport(config *tls.Config) *http.Transport {
if config == nil {
config = &tls.Config{
InsecureSkipVerify: true,
}
}
t := &http.Transport{ t := &http.Transport{
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{ Dial: (&net.Dialer{
@ -27,9 +33,7 @@ func newTransport() *http.Transport {
KeepAlive: 30 * time.Second, KeepAlive: 30 * time.Second,
}).Dial, }).Dial,
TLSHandshakeTimeout: 10 * time.Second, TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{ TLSClientConfig: config,
InsecureSkipVerify: true,
},
} }
runtime.SetFinalizer(&t, func(tr **http.Transport) { runtime.SetFinalizer(&t, func(tr **http.Transport) {
(*tr).CloseIdleConnections() (*tr).CloseIdleConnections()
@ -120,7 +124,7 @@ func newConsulRegistry(addrs []string, opts ...Option) Registry {
if opt.Secure { if opt.Secure {
config.Scheme = "https" config.Scheme = "https"
// We're going to support InsecureSkipVerify // We're going to support InsecureSkipVerify
config.HttpClient.Transport = newTransport() config.HttpClient.Transport = newTransport(opt.TLSConfig)
} }
// create the client // create the client

View File

@ -1,6 +1,7 @@
package registry package registry
import ( import (
"crypto/tls"
"time" "time"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -9,6 +10,7 @@ import (
type Options struct { type Options struct {
Timeout time.Duration Timeout time.Duration
Secure bool Secure bool
TLSConfig *tls.Config
// Other options for implementations of the interface // Other options for implementations of the interface
// can be stored in a context // can be stored in a context
@ -27,3 +29,10 @@ func Secure(b bool) Option {
o.Secure = b o.Secure = b
} }
} }
// Specify TLS Config
func TLSConfig(t *tls.Config) Option {
return func(o *Options) {
o.TLSConfig = t
}
}