in internal/app/http_client.go [22:55]
func newHTTPClient(ctx *cli.Context, log logrus.FieldLogger) (gitlab.HTTPClient, error) {
extraCA := ctx.String(flags.AdditionalCACertBundle)
rootCAs, err := x509.SystemCertPool()
if err != nil {
// SystemCertPool is not supported on Windows, safe to call x509.NewCertPool() below
if runtime.GOOS != "windows" {
return nil, fmt.Errorf("getting system cert pool: %w", err)
}
rootCAs = x509.NewCertPool()
}
if extraCA != "" {
if err := loadExtraCACert(rootCAs, extraCA, log); err != nil {
return nil, err
}
}
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.TLSClientConfig = &tls.Config{
// nolint: gosec
// G402: TLS InsecureSkipVerify may be true
// set to true at your own risk
InsecureSkipVerify: ctx.Bool(flags.InsecureHTTPS),
RootCAs: rootCAs,
}
return &http.Client{
Timeout: ctx.Duration(flags.Timeout),
Transport: transport,
}, nil
}