in internal/httptransport/transport.go [68:101]
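// NewTransportWithClientCert builds an *http.Transport whose TLS settings come
// from clientCfg: the trusted root set is assembled from clientCfg.CAFiles, the
// protocol version bounds from clientCfg.MinVersion/MaxVersion, and an optional
// client certificate from clientCfg.Cert (mutual TLS).
//
// CA files that cannot be read, or that yield no parseable certificate, are
// logged and skipped rather than aborting transport construction; the returned
// transport then simply trusts fewer roots.
//
// TLS connections are dialled through DialTLSContext so the handshake honours
// the request context. net/http ignores TLSClientConfig and
// TLSHandshakeTimeout once DialTLSContext is set; TLSClientConfig is still
// populated so callers inspecting the transport see the effective settings.
func NewTransportWithClientCert(clientCfg config.HTTPClientCfg) *http.Transport {
	certPool := pool()
	for _, caFile := range clientCfg.CAFiles {
		raw, err := os.ReadFile(caFile)
		if err != nil {
			log.WithError(err).WithField("ca-file", caFile).Error("reading CA file")
			continue
		}
		// AppendCertsFromPEM reports false when nothing could be parsed; a
		// malformed bundle would otherwise be accepted silently and leave the
		// pool short of the roots the operator expects.
		if !certPool.AppendCertsFromPEM(raw) {
			log.WithField("ca-file", caFile).Error("no certificates parsed from CA file")
		}
	}

	tlsConfig := &tls.Config{
		RootCAs:    certPool,
		MinVersion: tls.VersionTLS12, // set MinVersion to fix gosec: G402
	}
	// Only an explicitly configured bound overrides the TLS 1.2 floor; an
	// unset (zero) MinVersion must not clear it back to the library default.
	if clientCfg.MinVersion != 0 {
		tlsConfig.MinVersion = clientCfg.MinVersion
	}
	// A zero MaxVersion means "no upper bound" to crypto/tls, so it can be
	// copied unconditionally.
	tlsConfig.MaxVersion = clientCfg.MaxVersion
	if clientCfg.Cert != nil {
		tlsConfig.Certificates = []tls.Certificate{*clientCfg.Cert}
	}

	t := NewTransport()
	t.DialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
		// tls.Dialer fills ServerName from addr when the config leaves it
		// empty, so hostname verification against RootCAs still applies.
		dialer := tls.Dialer{Config: tlsConfig}
		return dialer.DialContext(ctx, network, addr)
	}
	t.TLSClientConfig = tlsConfig
	return t
}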