in transport/tlscommon/config.go [43:90]
// LoadTLSConfig builds a TLSConfig from config, loading the certificate/key
// pair and the certificate authorities that config refers to.
//
// If config.IsEnabled() reports false, the result is (nil, nil). A nil
// *TLSConfig with a nil error therefore means "TLS is not configured", not
// "TLS with defaults"; callers have to test for nil explicitly so that a
// disabled section is never mistaken for a protected connection.
//
// Errors from loading the certificate and the CAs are gathered and returned
// together through errors.Join, so a single call reports every broken file
// instead of only the first. No partially populated TLSConfig is returned in
// that case.
//
// The policy fields (Versions, VerificationMode, CipherSuites, CurveTypes,
// Renegotiation, CASha256, CATrustedFingerprint) are copied or type-converted
// as given; this function performs no checks on them.
// NOTE(review): presumably they are validated when Config is unpacked or when
// the TLSConfig is turned into a *tls.Config; confirm, since a weak value in
// the configuration reaches the result unchanged here.
func LoadTLSConfig(config *Config) (*TLSConfig, error) {
	if !config.IsEnabled() {
		return nil, nil
	}

	// Convert the configured curve identifiers to the crypto/tls type.
	curvePrefs := make([]tls.CurveID, 0, len(config.CurveTypes))
	for _, curve := range config.CurveTypes {
		curvePrefs = append(curvePrefs, tls.CurveID(curve))
	}

	// Attempt both loads before deciding, so all failures are reported at once.
	var loadErrs []error

	cert, err := LoadCertificate(&config.Certificate)
	if err != nil {
		loadErrs = append(loadErrs, err)
	}

	cas, caErrs := LoadCertificateAuthorities(config.CAs)
	for _, caErr := range caErrs {
		if caErr != nil {
			loadErrs = append(loadErrs, caErr)
		}
	}

	// Any failure while reading certificate material aborts the whole load.
	if len(loadErrs) > 0 {
		return nil, errors.Join(loadErrs...)
	}

	// A certificate is optional: without one the list stays empty but non-nil.
	certs := []tls.Certificate{}
	if cert != nil {
		certs = append(certs, *cert)
	}

	tlsConfig := &TLSConfig{
		Versions:             config.Versions,
		Verification:         config.VerificationMode,
		Certificates:         certs,
		RootCAs:              cas,
		CipherSuites:         config.CipherSuites,
		CurvePreferences:     curvePrefs,
		Renegotiation:        tls.RenegotiationSupport(config.Renegotiation),
		CASha256:             config.CASha256,
		CATrustedFingerprint: config.CATrustedFingerprint,
	}
	return tlsConfig, nil
}