root
/
helm
mirror of https://github.com/helm/helm.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CAFile is now optional, in that case the default RootCAs are used

This commit is contained in:
Nandor Kracser 2017-06-22 20:37:26 +02:00
parent 42ede7f6f8
commit 5f96fb816c
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/getter/httpgetter.go
View File

@ -50,7 +50,7 @@ func (g *httpGetter) Get(href string) (*bytes.Buffer, error) {
// newHTTPGetter constructs a valid http/https client as Getter
func newHTTPGetter(URL, CertFile, KeyFile, CAFile string) (Getter, error) {
var client httpGetter
if CertFile != "" && KeyFile != "" && CAFile != "" {
if CertFile != "" && KeyFile != "" {
tlsConf, err := tlsutil.NewClientTLS(CertFile, KeyFile, CAFile)
if err != nil {
return nil, fmt.Errorf("can't create TLS config for client: %s", err.Error())

17
pkg/tlsutil/tls.go
View File

@ -29,14 +29,17 @@ func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) {
if err != nil {
return nil, err
}
cp, err := CertPoolFromFile(caFile)
if err != nil {
return nil, err
}
return &tls.Config{
config := tls.Config{
Certificates: []tls.Certificate{*cert},
RootCAs: cp,
}, nil
}
if caFile != "" {
cp, err := CertPoolFromFile(caFile)
if err != nil {
return nil, err
}
config.RootCAs = cp
}
return &config, nil
}
// CertPoolFromFile returns an x509.CertPool containing the certificates