in plugins/core/reporter/grpc/grpc_opts_enhance.go [75:106]
func generateTLSCredential(caPath, clientKeyPath, clientCertChainPath string, skipVerify bool) (tc credentials.TransportCredentials, tlsErr error) {
if err := checkTLSFile(caPath); err != nil {
return nil, err
}
tlsConfig := new(tls.Config)
tlsConfig.Renegotiation = tls.RenegotiateNever
tlsConfig.InsecureSkipVerify = skipVerify
caPem, err := os.ReadFile(caPath)
if err != nil {
return nil, err
}
certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM(caPem) {
return nil, fmt.Errorf("failed to append certificates")
}
tlsConfig.RootCAs = certPool
if clientKeyPath != "" && clientCertChainPath != "" {
if err := checkTLSFile(clientKeyPath); err != nil {
return nil, err
}
if err := checkTLSFile(clientCertChainPath); err != nil {
return nil, err
}
clientPem, err := tls.LoadX509KeyPair(clientCertChainPath, clientKeyPath)
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{clientPem}
}
return credentials.NewTLS(tlsConfig), nil
}