Commit beea64a3 authored by Mark Tyneway's avatar Mark Tyneway Committed by GitHub

Merge pull request #4902 from conduit-xyz/develop

Make tlsconfig optional for op-signer client
parents 039cc67f 7c44efeb
...@@ -25,35 +25,43 @@ type SignerClient struct { ...@@ -25,35 +25,43 @@ type SignerClient struct {
} }
func NewSignerClient(logger log.Logger, endpoint string, tlsConfig optls.CLIConfig) (*SignerClient, error) { func NewSignerClient(logger log.Logger, endpoint string, tlsConfig optls.CLIConfig) (*SignerClient, error) {
caCert, err := os.ReadFile(tlsConfig.TLSCaCert) var httpClient *http.Client
if err != nil { if tlsConfig.TLSCaCert != "" {
return nil, fmt.Errorf("failed to read tls.ca: %w", err) logger.Info("tlsConfig specified, loading tls config")
} caCert, err := os.ReadFile(tlsConfig.TLSCaCert)
caCertPool := x509.NewCertPool() if err != nil {
caCertPool.AppendCertsFromPEM(caCert) return nil, fmt.Errorf("failed to read tls.ca: %w", err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
// certman watches for newer client certifictes and automatically reloads them // certman watches for newer client certifictes and automatically reloads them
cm, err := certman.New(logger, tlsConfig.TLSCert, tlsConfig.TLSKey) cm, err := certman.New(logger, tlsConfig.TLSCert, tlsConfig.TLSKey)
if err != nil { if err != nil {
logger.Error("failed to read tls cert or key", "err", err) logger.Error("failed to read tls cert or key", "err", err)
return nil, err return nil, err
} }
if err := cm.Watch(); err != nil { if err := cm.Watch(); err != nil {
logger.Error("failed to start certman watcher", "err", err) logger.Error("failed to start certman watcher", "err", err)
return nil, err return nil, err
} }
httpClient := &http.Client{ httpClient = &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
MinVersion: tls.VersionTLS13, MinVersion: tls.VersionTLS13,
RootCAs: caCertPool, RootCAs: caCertPool,
GetClientCertificate: func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) { GetClientCertificate: func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
return cm.GetCertificate(nil) return cm.GetCertificate(nil)
},
}, },
}, },
}, }
} else {
logger.Info("no tlsConfig specified, using default http client")
httpClient = http.DefaultClient
} }
rpcClient, err := rpc.DialOptions(context.Background(), endpoint, rpc.WithHTTPClient(httpClient)) rpcClient, err := rpc.DialOptions(context.Background(), endpoint, rpc.WithHTTPClient(httpClient))
if err != nil { if err != nil {
return nil, err return nil, err
......
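Review bot: The fallback branch at the `else` (the `httpClient = http.DefaultClient` line) silently drops both the TLS 1.3 floor and client-certificate authentication whenever `TLSCaCert` is empty, even if `TLSCert`/`TLSKey` were supplied, so a misconfigured deployment would talk to the signer with no mTLS and no warning. Since only `TLSCaCert` is checked, a half-set config is treated as "no TLS" rather than rejected; it would be safer to fail when cert/key are set without a CA, log the downgrade at warn level, and give the plain client its own transport with `MinVersion: tls.VersionTLS13` and a request timeout rather than sharing the package-global `http.DefaultClient` (which has no timeout and can be mutated elsewhere). Whether a plain-HTTP endpoint should be refused outright presumably depends on how op-signer is deployed, which is not visible here. NewSignerClient's body continues past the hunk.
```go
// … unchanged: CA pool, certman and mTLS client construction …
} else {
	if tlsConfig.TLSCert != "" || tlsConfig.TLSKey != "" {
		return nil, fmt.Errorf("tls.cert/tls.key configured without tls.ca")
	}
	logger.Warn("no tls.ca specified, signer client will not use client certificate auth")
	httpClient = &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS13},
		},
	}
}
// … unchanged: rpc.DialOptions …
```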