in tls.go [45:80]
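// BuildTlsConfig assembles the server-side *tls.Config from the builder's
// paths. It always loads the server key pair from ServerKeyCertChainPath /
// ServerPrivateKeyPath and, when ServerTrustCertCollectionPath is set, also
// loads that PEM bundle as the client CA pool so that presented client
// certificates are verified against it.
//
// It returns a non-nil error when the key pair cannot be loaded, the trust
// collection cannot be read, or the trust collection contains no parsable
// certificate; on error the returned config is nil.
func (s *ServerTlsConfigBuilder) BuildTlsConfig() (*tls.Config, error) {
	certificate, err := tls.LoadX509KeyPair(s.ServerKeyCertChainPath, s.ServerPrivateKeyPath)
	if err != nil {
		log.Error(fmt.Sprintf("tls.LoadX509KeyPair(certs{%s}, privateKey{%s}) = err:%+v",
			s.ServerKeyCertChainPath, s.ServerPrivateKeyPath, perrors.WithStack(err)))
		return nil, err
	}

	config := &tls.Config{
		// InsecureSkipVerify only affects verification of the peer when this
		// config is used on the client side; it is kept for compatibility
		// with the existing behavior when no trust collection is configured.
		InsecureSkipVerify: true,
		// Without a trust collection there is nothing to verify against, so
		// a client certificate is required but not checked against a CA.
		ClientAuth:   tls.RequireAnyClientCert,
		Certificates: []tls.Certificate{certificate},
	}

	if s.ServerTrustCertCollectionPath == "" {
		return config, nil
	}

	certPem, err := ioutil.ReadFile(s.ServerTrustCertCollectionPath)
	if err != nil {
		log.Error(fmt.Sprintf("ioutil.ReadFile(certFile{%s}) = err:%+v", s.ServerTrustCertCollectionPath, perrors.WithStack(err)))
		return nil, err
	}

	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(certPem) {
		// err is still nil at this point (the read succeeded), so an explicit
		// error is built here; otherwise the caller would receive (nil, nil).
		err = fmt.Errorf("no certificate could be parsed from root certificate file %q", s.ServerTrustCertCollectionPath)
		log.Error("failed to parse root certificate file")
		return nil, err
	}

	config.ClientCAs = certPool
	// tls.RequireAnyClientCert never consults ClientCAs; the trust collection
	// only takes effect when the client certificate is actually verified.
	config.ClientAuth = tls.RequireAndVerifyClientCert
	config.InsecureSkipVerify = false
	return config, nil
}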