
Commit 5d4b04f

committed
feat(client): option to provide a custom *tls.Config
Signed-off-by: Pierre-Henri Symoneaux <[email protected]>
1 parent 2549bd3 commit 5d4b04f


1 file changed

+35
-18
lines changed


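--- a/kmipclient/client.go
+++ b/kmipclient/client.go
@@ -25,29 +25,38 @@ type opts struct {
 	rootCAs [][]byte
 	certs []tls.Certificate
 	serverName string
+	tlsCfg *tls.Config
 	//TODO: Add KMIP Authentication / Credentials
 	//TODO: Overwrite default/preferred/supported key formats for register
 }
 
 func (o *opts) tlsConfig() (*tls.Config, error) {
-	var rootCAs *x509.CertPool
-	if len(o.rootCAs) > 0 {
-		rootCAs = x509.NewCertPool()
-		for _, ca := range o.rootCAs {
-			rootCAs.AppendCertsFromPEM(ca)
-		}
-	} else {
-		var err error
-		if rootCAs, err = x509.SystemCertPool(); err != nil {
-			return nil, err
+	cfg := o.tlsCfg
+	if cfg == nil {
+		cfg = &tls.Config{}
+	}
+	if cfg.RootCAs == nil {
+		if len(o.rootCAs) > 0 {
+			cfg.RootCAs = x509.NewCertPool()
+		} else {
+			var err error
+			if cfg.RootCAs, err = x509.SystemCertPool(); err != nil {
+				return nil, err
+			}
 		}
 	}
-	return &tls.Config{
-		RootCAs: rootCAs,
-		Certificates: o.certs,
-		ServerName: o.serverName,
-		MinVersion: tls.VersionTLS12, // As required by KMIP 1.4 spec
-		CipherSuites: []uint16{
+	for _, ca := range o.rootCAs {
+		cfg.RootCAs.AppendCertsFromPEM(ca)
+	}
+	cfg.Certificates = append(cfg.Certificates, o.certs...)
+	if cfg.ServerName == "" {
+		cfg.ServerName = o.serverName
+	}
+	if cfg.MinVersion == 0 {
+		cfg.MinVersion = tls.VersionTLS12 // As required by KMIP 1.4 spec
+	}
+	if len(cfg.CipherSuites) == 0 {
+		cfg.CipherSuites = []uint16{
 			// Mandatory support as per KMIP 1.4 spec
 			// tls.TLS_RSA_WITH_AES_256_CBC_SHA256, // Not supported in Go
 			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
@@ -62,8 +71,9 @@ func (o *opts) tlsConfig() (*tls.Config, error) {
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-		},
-	}, nil
+		}
+	}
+	return cfg, nil
 }
 
 type Option func(*opts) error
@@ -152,6 +162,13 @@ func WithServerName(name string) Option {
 	}
 }
 
+func WithTlsConfig(cfg *tls.Config) Option {
+	return func(o *opts) error {
+		o.tlsCfg = cfg
+		return nil
+	}
+}
+
 type Client struct {
 	lock *sync.Mutex
 	conn *conn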