Skip to content

N
nebula
Switch branch/tag
Find file
Normal viewHistoryPermalink
tls.go 631 Bytes
Newer Older
Matthew Slipper's avatar
go/proxyd: ENG-1704 add support for additional SSL certs
6c7f483b
 
Matthew Slipper committed
1 2 3 4 5 6 
package proxyd

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
protolambda's avatar
style(batch-submitter,bss-core,proxyd): Fix lint Go (#3328)
61e353e1
 
protolambda committed
7 
	"os"
Matthew Slipper's avatar
go/proxyd: ENG-1704 add support for additional SSL certs
6c7f483b
 
Matthew Slipper committed
8 9 10 
)

func CreateTLSClient(ca string) (*tls.Config, error) {
protolambda's avatar
style(batch-submitter,bss-core,proxyd): Fix lint Go (#3328)
61e353e1
 
protolambda committed
11 
	pem, err := os.ReadFile(ca)
Matthew Slipper's avatar
go/proxyd: ENG-1704 add support for additional SSL certs
6c7f483b
 
Matthew Slipper committed
12 13 14 15 16 17 18 19 20 21 22 
	if err != nil {
		return nil, wrapErr(err, "error reading CA")
	}

	roots := x509.NewCertPool()
	ok := roots.AppendCertsFromPEM(pem)
	if !ok {
		return nil, errors.New("error parsing TLS client cert")
	}

	return &tls.Config{
Matthew Slipper's avatar
go/proxyd: Add support for env vars in the config
73484138
 
Matthew Slipper committed
23 
		RootCAs: roots,
Matthew Slipper's avatar
go/proxyd: ENG-1704 add support for additional SSL certs
6c7f483b
 
Matthew Slipper committed
24 25 26 27 28 29 30 31 32 
	}, nil
}

func ParseKeyPair(crt, key string) (tls.Certificate, error) {
	cert, err := tls.LoadX509KeyPair(crt, key)
	if err != nil {
		return tls.Certificate{}, wrapErr(err, "error loading x509 key pair")
	}
	return cert, nil
Matthew Slipper's avatar
go/proxyd: Add support for env vars in the config
73484138
 
Matthew Slipper committed
33 
}