in plugin/lib/certs/tls.go [34:62]
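// GetTLSClientConf builds a client-side *tls.Config from the receiver.
//
// Trust roots: on non-Windows hosts the system root pool is loaded and any
// TrustedCACerts are ADDED to it, so the result trusts system roots plus the
// custom CAs. On Windows a fresh pool holding ONLY TrustedCACerts is used when
// any are supplied; with none supplied RootCAs is left nil so crypto/tls falls
// back to the host's own verifier. The two platforms therefore behave
// differently when custom CAs are present (augment vs. replace); callers that
// need connections pinned to the custom CAs alone must not rely on this
// method for that on non-Windows.
//
// Client certificates are passed through unchanged. MinVersion is pinned to
// TLS 1.2 so deprecated TLS 1.0/1.1 are never negotiated regardless of the
// toolchain's default.
//
// Returns an error only when the system root pool cannot be loaded.
func (t *TLSConfiguration) GetTLSClientConf() (*tls.Config, error) {
	var rcaPool *x509.CertPool
	if runtime.GOOS != "windows" {
		// System roots form the base; custom CAs are layered on top below.
		p, err := x509.SystemCertPool()
		if err != nil {
			return nil, err
		}
		rcaPool = p
	} else if len(t.TrustedCACerts) > 0 {
		// NOTE(review): the system pool is deliberately not loaded here,
		// presumably because older toolchains could not read the Windows
		// store; a nil RootCAs already makes crypto/tls use the OS verifier,
		// so a pool is only built when there are custom CAs to put in it.
		rcaPool = x509.NewCertPool()
	}
	if rcaPool != nil {
		for _, rca := range t.TrustedCACerts {
			// CertPool.AddCert panics on a nil certificate. A nil entry is
			// not a trust anchor, so skipping it fails closed (less trust)
			// instead of crashing the caller.
			if rca == nil {
				continue
			}
			rcaPool.AddCert(rca)
		}
	}
	return &tls.Config{
		Certificates: t.ClientCerts,
		RootCAs:      rcaPool,
		MinVersion:   tls.VersionTLS12,
	}, nil
}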