1package http2
3import (4"crypto/tls"5"crypto/x509"6"net/http"7"os"8
9"github.com/pkg/errors"10)
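// ConfigureMTLS installs a fresh http.Transport on httpClient whose TLS
// configuration is built from the given PEM files.
//
// caCert is the path to a PEM bundle used to verify the server. When it is
// empty the transport sets InsecureSkipVerify, which disables server
// certificate and hostname verification entirely; there is no fallback to
// the system root store. clientCert and clientKey are paths to a PEM
// certificate and private key presented to the server; both must be
// non-empty for a client certificate to be loaded, and a lone value is
// silently ignored.
//
// The transport negotiates TLS 1.2 or newer. It replaces any transport
// already set on httpClient, so proxy, timeout and connection-pool settings
// of the previous transport are not carried over.
//
// It returns an error when httpClient is nil, when the CA file cannot be
// read or contains no parseable PEM certificate, or when the client key
// pair cannot be loaded. On error httpClient is left untouched.
func ConfigureMTLS(httpClient *http.Client, caCert string, clientCert string, clientKey string) error {
	if httpClient == nil {
		return errors.New("http client must not be nil")
	}

	tlsCfg := &tls.Config{
		MinVersion: tls.VersionTLS12,
	}

	if caCert == "" {
		// No CA bundle: the certificate presented by the server is not
		// verified at all (neither chain nor hostname).
		tlsCfg.InsecureSkipVerify = true
	} else {
		certBytes, err := os.ReadFile(caCert)
		if err != nil {
			return errors.Wrap(err, "could not read CA cert")
		}
		certPool := x509.NewCertPool()
		// AppendCertsFromPEM reports false only when it parsed no certificate.
		if ok := certPool.AppendCertsFromPEM(certBytes); !ok {
			return errors.New("could not add certificate")
		}
		tlsCfg.RootCAs = certPool
	}

	if clientKey != "" && clientCert != "" {
		cert, err := tls.LoadX509KeyPair(clientCert, clientKey)
		if err != nil {
			return errors.Wrap(err, "could not create key pair from client cert and client key")
		}
		tlsCfg.Certificates = []tls.Certificate{cert}
	}

	// Swap the transport only after every input loaded successfully, so a
	// failed call never leaves the client half-configured.
	httpClient.Transport = &http.Transport{TLSClientConfig: tlsCfg}
	return nil
}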