in client/httpclient.go [153:191]
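// buildHTTPSTransport returns an *http.Transport for HTTPS requests together
// with gitlabURL, which is passed through unchanged.
//
// The trust store starts from the system certificate pool and is extended with
// hcc.caFile and with every non-directory entry of hcc.caPath. If the system
// pool cannot be loaded, an empty pool is used instead, so only the configured
// CAs are trusted. A non-nil empty RootCAs pool is not replaced by the host
// roots, so with no CA configured server verification fails closed.
//
// When hcc.HaveCertAndKey() is true, the key pair at hcc.certPath and
// hcc.keyPath is loaded as the client certificate. A failure to load that key
// pair is the only error this function returns.
func buildHTTPSTransport(hcc httpClientCfg, gitlabURL string) (*http.Transport, string, error) {
	roots, err := x509.SystemCertPool()
	if err != nil {
		// Fall back to an empty pool. The error is deliberately not returned:
		// it used to leak out through the final return alongside a usable
		// transport, which made this fallback pointless for any caller that
		// checks the error.
		roots = x509.NewCertPool()
	}

	if hcc.caFile != "" {
		// addCertToPool is defined elsewhere in the file; no result of it is
		// inspected here.
		addCertToPool(roots, hcc.caFile)
	}

	if hcc.caPath != "" {
		// Best effort: an unreadable caPath contributes no CAs and is not
		// reported. NOTE(review): consider surfacing this error so that a
		// mistyped CA directory does not silently shrink the trust store.
		entries, _ := os.ReadDir(hcc.caPath)
		for _, entry := range entries {
			if entry.IsDir() {
				continue
			}
			addCertToPool(roots, filepath.Join(hcc.caPath, entry.Name()))
		}
	}

	tlsConfig := &tls.Config{
		RootCAs: roots,
		// Refuse protocol versions older than TLS 1.2.
		MinVersion: tls.VersionTLS12,
	}

	if hcc.HaveCertAndKey() {
		clientCert, loadErr := tls.LoadX509KeyPair(hcc.certPath, hcc.keyPath)
		if loadErr != nil {
			return nil, "", loadErr
		}
		tlsConfig.Certificates = []tls.Certificate{clientCert}
	}

	return &http.Transport{TLSClientConfig: tlsConfig}, gitlabURL, nil
}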