Access tls config

2025-10-30 23:27:41 +02:00 · 2016-01-16 23:39:47 +00:00
parent f7c4304ac3
commit ae2ab911ed
4 changed files with 39 additions and 12 deletions
--- a/broker/http_broker.go
+++ b/broker/http_broker.go
@@ -144,11 +144,15 @@ func (h *httpBroker) start() error {
 	var err error

 	if h.opts.Secure {
+		config := h.opts.TLSConfig
+		if config == nil {
 			cert, err := mls.Certificate(h.address)
 			if err != nil {
 				return err
 			}
-		l, err = tls.Listen("tcp", h.address, &tls.Config{Certificates: []tls.Certificate{cert}})
+			config = &tls.Config{Certificates: []tls.Certificate{cert}}
+		}
+		l, err = tls.Listen("tcp", h.address, config)
 	} else {
 		l, err = net.Listen("tcp", h.address)
 	}
--- a/broker/options.go
+++ b/broker/options.go
@@ -1,11 +1,14 @@
 package broker

 import (
+	"crypto/tls"
+
 	"golang.org/x/net/context"
 )

 type Options struct {
 	Secure    bool
+	TLSConfig *tls.Config

 	// Other options for implementations of the interface
 	// can be stored in a context
@@ -71,3 +74,10 @@ func Secure(b bool) Option {
 		o.Secure = b
 	}
 }
+
+// Specify TLS Config
+func TLSConfig(t *tls.Config) Option {
+	return func(o *Options) {
+		o.TLSConfig = t
+	}
+}
--- a/registry/consul_registry.go
+++ b/registry/consul_registry.go
@@ -19,7 +19,13 @@ type consulRegistry struct {
 	Options Options
 }

-func newTransport() *http.Transport {
+func newTransport(config *tls.Config) *http.Transport {
+	if config == nil {
+		config = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
 	t := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		Dial: (&net.Dialer{
@@ -27,9 +33,7 @@ func newTransport() *http.Transport {
 			KeepAlive: 30 * time.Second,
 		}).Dial,
 		TLSHandshakeTimeout: 10 * time.Second,
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: true,
-		},
+		TLSClientConfig:     config,
 	}
 	runtime.SetFinalizer(&t, func(tr **http.Transport) {
 		(*tr).CloseIdleConnections()
@@ -120,7 +124,7 @@ func newConsulRegistry(addrs []string, opts ...Option) Registry {
 	if opt.Secure {
 		config.Scheme = "https"
 		// We're going to support InsecureSkipVerify
-		config.HttpClient.Transport = newTransport()
+		config.HttpClient.Transport = newTransport(opt.TLSConfig)
 	}

 	// create the client
--- a/registry/options.go
+++ b/registry/options.go
@@ -1,6 +1,7 @@
 package registry

 import (
+	"crypto/tls"
 	"time"

 	"golang.org/x/net/context"
@@ -9,6 +10,7 @@ import (
 type Options struct {
 	Timeout   time.Duration
 	Secure    bool
+	TLSConfig *tls.Config

 	// Other options for implementations of the interface
 	// can be stored in a context
@@ -27,3 +29,10 @@ func Secure(b bool) Option {
 		o.Secure = b
 	}
 }
+
+// Specify TLS Config
+func TLSConfig(t *tls.Config) Option {
+	return func(o *Options) {
+		o.TLSConfig = t
+	}
+}