func configTLS()

in pkg/core/backend/client.go [118:149]


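// configTLS builds the client-side *tls.Config described by conf.
//
// The CA bundle at conf.CaPemPath is mandatory: it is checked with
// checkTLSFile, read, and installed as the only trust anchors (RootCAs).
// A client certificate is attached only when both conf.ClientPemPath and
// conf.ClientKeyPath are non-empty.
//
// On any failure it returns a nil config and an error that says which file
// was being processed; the underlying error is wrapped with %w, so
// errors.Is and errors.As still reach it.
func configTLS(conf *Config) (tc *tls.Config, tlsErr error) {
	// checkTLSFile is defined elsewhere in this package; what it validates is
	// not visible here (presumably existence/permissions; confirm).
	if err := checkTLSFile(conf.CaPemPath); err != nil {
		return nil, fmt.Errorf("checking CA file %q: %w", conf.CaPemPath, err)
	}
	caPem, err := os.ReadFile(conf.CaPemPath)
	if err != nil {
		// os.ReadFile errors already carry the path.
		return nil, fmt.Errorf("reading CA file: %w", err)
	}
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPem) {
		// AppendCertsFromPEM reports false when no certificate was parsed.
		return nil, fmt.Errorf("CA file %q: no PEM certificates could be parsed", conf.CaPemPath)
	}

	tlsConfig := &tls.Config{
		// Explicit for readers; RenegotiateNever is also the zero value.
		Renegotiation: tls.RenegotiateNever,
		// When this is true crypto/tls accepts any server certificate and
		// host name, so RootCAs no longer authenticates the backend. It is
		// taken straight from configuration; keep it false outside tests.
		InsecureSkipVerify: conf.InsecureSkipVerify,
		RootCAs:            certPool,
		// MinVersion is left unset, so the crypto/tls default of the Go
		// toolchain in use applies. NOTE(review): consider pinning it
		// explicitly if older toolchains are still supported.
	}

	// NOTE(review): if only one of ClientKeyPath / ClientPemPath is set, this
	// block is skipped and no client certificate is presented. Confirm that
	// a half-configured pair is rejected earlier, or reject it here.
	if conf.ClientKeyPath != "" && conf.ClientPemPath != "" {
		if err := checkTLSFile(conf.ClientKeyPath); err != nil {
			return nil, fmt.Errorf("checking client key file %q: %w", conf.ClientKeyPath, err)
		}
		if err := checkTLSFile(conf.ClientPemPath); err != nil {
			return nil, fmt.Errorf("checking client certificate file %q: %w", conf.ClientPemPath, err)
		}
		clientPem, err := tls.LoadX509KeyPair(conf.ClientPemPath, conf.ClientKeyPath)
		if err != nil {
			// Only the paths are added to the message, never key material.
			return nil, fmt.Errorf("loading client key pair (cert %q, key %q): %w",
				conf.ClientPemPath, conf.ClientKeyPath, err)
		}
		tlsConfig.Certificates = []tls.Certificate{clientPem}
	}
	return tlsConfig, nil
}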