func LoadTLSServerConfig()

in transport/tlscommon/server_config.go [43:99]


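// LoadTLSServerConfig builds the server-side TLSConfig described by config.
//
// It returns (nil, nil) when config.IsEnabled() reports false, so a nil
// *TLSConfig with a nil error means "TLS is turned off", not "loading failed".
// Callers must check for that case explicitly before using the result.
//
// Every error reported while loading the certificate/key pair and the
// certificate authorities is collected and returned as one joined error, so
// an operator sees all broken files at once rather than only the first.
//
// Versions, VerificationMode, CipherSuites and CASha256 are copied from config
// unchanged; this function performs no validation of those values.
func LoadTLSServerConfig(config *ServerConfig) (*TLSConfig, error) {
	if !config.IsEnabled() {
		return nil, nil
	}

	// Load both inputs before checking for errors so that every problem is
	// reported together.
	cert, certErr := LoadCertificate(&config.Certificate)
	cas, caErrs := LoadCertificateAuthorities(config.CAs)

	// errors.Join drops nil entries and returns nil when nothing failed, so a
	// non-nil result means at least one certificate file could not be loaded.
	if err := errors.Join(append([]error{certErr}, caErrs...)...); err != nil {
		return nil, err
	}

	curves := make([]tls.CurveID, len(config.CurveTypes))
	for i, id := range config.CurveTypes {
		curves[i] = tls.CurveID(id)
	}

	// Certificates stays an empty, non-nil slice when no certificate was loaded.
	// NOTE(review): a nil cert with no error presumably means no certificate is
	// configured; confirm that callers reject a server config without one.
	certs := make([]tls.Certificate, 0)
	if cert != nil {
		certs = []tls.Certificate{*cert}
	}

	// With ClientAuth unset the result carries TLSClientAuthNone, even when
	// config.CAs is populated.
	// NOTE(review): if TLSClientAuthNone means "do not request a client
	// certificate", ClientCAs alone does not enforce mutual TLS. Confirm that
	// config unpacking sets ClientAuth whenever client CAs are supplied.
	clientAuth := TLSClientAuthNone
	if config.ClientAuth != nil {
		clientAuth = *config.ClientAuth
	}

	return &TLSConfig{
		Versions:         config.Versions,
		Verification:     config.VerificationMode,
		Certificates:     certs,
		ClientCAs:        cas,
		CipherSuites:     config.CipherSuites,
		CurvePreferences: curves,
		ClientAuth:       tls.ClientAuthType(clientAuth),
		CASha256:         config.CASha256,
	}, nil
}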