func getTLSClient()

in cmd/datasource-syncer/main.go [288:325]


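// getTLSClient builds an HTTP client whose TLS settings come from the given
// flag values.
//
// certFile and keyFile are the client certificate and private key (PEM); they
// must be given together or not at all. caFile is a PEM bundle of CA
// certificates that replaces the system roots when set. insecureSkipVerify
// disables server certificate verification and should only be used for
// testing.
//
// Returns (nil, nil) when no TLS option is set, so callers can fall back to
// their default client. Returns an error when the cert/key pair is
// incomplete, cannot be loaded, or when caFile cannot be read or contains no
// parsable certificates.
func getTLSClient(certFile, keyFile, caFile string, insecureSkipVerify bool) (*http.Client, error) {
	if (certFile != "" || keyFile != "") && (certFile == "" || keyFile == "") {
		return nil, errors.New("--tls-cert and tls-key must both be set or unset")
	}

	// Nothing to configure: signal "use the default client" with a nil client.
	if certFile == "" && keyFile == "" && caFile == "" && !insecureSkipVerify {
		return nil, nil
	}

	tlsConfig := &tls.Config{
		// Go's client default is already TLS 1.2, but state it explicitly so
		// the floor does not silently depend on the toolchain.
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: insecureSkipVerify,
	}

	if certFile != "" && keyFile != "" {
		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
		if err != nil {
			return nil, fmt.Errorf("unable to load server cert and key: %w", err)
		}
		tlsConfig.Certificates = []tls.Certificate{cert}
	}

	if caFile != "" {
		caCert, err := os.ReadFile(caFile)
		if err != nil {
			return nil, fmt.Errorf("unable to read ca cert: %w", err)
		}
		caCertPool := x509.NewCertPool()
		// An empty or malformed bundle would otherwise yield an empty pool and
		// every connection would fail with an opaque verification error.
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return nil, fmt.Errorf("no valid PEM certificates found in ca cert file %q", caFile)
		}
		tlsConfig.RootCAs = caCertPool
	}

	// Clone the default transport so proxy, dial and timeout settings are kept
	// and only the TLS configuration is overridden.
	transport := http.DefaultTransport.(*http.Transport).Clone()
	transport.TLSClientConfig = tlsConfig

	client := cleanhttp.DefaultClient()
	client.Transport = transport
	return client, nil
}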