in internal/cloudsql/instance.go [239:268]
// TLSConfig builds the tls.Config used to dial the Cloud SQL instance.
//
// The returned config trusts only the CA certificates in c.ServerCACert,
// presents c.ClientCertificate for mutual TLS and requires TLS 1.3. Default
// certificate and hostname verification is switched off (InsecureSkipVerify)
// and replaced wholesale by verifyPeerCertificateFunc, which is therefore the
// only check standing between the connector and the peer: crypto/tls performs
// no chain or name validation of its own in this mode.
func (c ConnectionInfo) TLSConfig() *tls.Config {
	roots := x509.NewCertPool()
	for _, ca := range c.ServerCACert {
		roots.AddCert(ca)
	}

	// Prefer the DNS name the connector was configured with; otherwise use the
	// DNS name reported by the instance metadata.
	name := c.DNSName
	if c.ConnectionName.HasDomainName() {
		name = c.ConnectionName.DomainName()
	}

	cfg := &tls.Config{
		ServerName:   name,
		Certificates: []tls.Certificate{c.ClientCertificate},
		RootCAs:      roots,
		MinVersion:   tls.VersionTLS13,
	}
	// Replace the entire default TLS verification with the custom verification
	// in verifyPeerCertificateFunc(), so the connector can handle deviations
	// from standard hostname validation in some existing Cloud SQL certificates.
	// With InsecureSkipVerify set, crypto/tls hands VerifyPeerCertificate a nil
	// verifiedChains, so that function must validate the chain against roots
	// and the name itself.
	cfg.InsecureSkipVerify = true
	cfg.VerifyPeerCertificate = verifyPeerCertificateFunc(name, c.ConnectionName, roots)
	return cfg
}