in tools/Elasticurl/Elasticurl.cs [234:292]
static TlsConnectionOptions InitTls()
{
TlsConnectionOptions tlsConnectionOptions = null;
if (ctx.Uri.Scheme == Uri.UriSchemeHttps || (ctx.Uri.Port != 80 && ctx.Uri.Port != 8080))
{
TlsContextOptions tlsOptions = null;
if (ctx.Certificate != null && ctx.PrivateKey != null)
{
try
{
tlsOptions = TlsContextOptions.ClientMtlsFromPath(ctx.Certificate, ctx.PrivateKey);
}
catch (NativeException nex)
{
Console.WriteLine(
"Unable to initialize MTLS with cert {0} and key {1}: {2}",
ctx.Certificate, ctx.PrivateKey, nex);
Environment.Exit(-1);
}
}
else
{
tlsOptions = TlsContextOptions.DefaultClient();
}
if (ctx.CACert != null || ctx.CAPath != null)
{
try
{
tlsOptions.OverrideDefaultTrustStoreFromPath(ctx.CAPath, ctx.CACert);
}
catch (NativeException nex)
{
Console.WriteLine("Unable to override default trust store: {0}", nex);
Environment.Exit(-1);
}
}
if (ctx.Insecure)
{
tlsOptions.VerifyPeer = false;
}
tlsOptions.AlpnList = "http/1.1";
try
{
TlsContext tls = new ClientTlsContext(tlsOptions);
tlsConnectionOptions = new TlsConnectionOptions(tls);
tlsConnectionOptions.ServerName = ctx.Uri.Host;
}
catch (NativeException nex)
{
Console.WriteLine("Unable to initialize TLS: {0}", nex);
Environment.Exit(-1);
}
}
return tlsConnectionOptions;
}