Use system CAs when Certificates are not specified.
This commit modifies the TLS setup to override the RootCAs for the TLS connection only if certificates are specified. This allows the Certificates parameter to be omitted from the connection config in order to use the system CAs.
parent
0ae3676a7d
commit
a9e1b8fb84
1 changed files with 11 additions and 7 deletions
|
@ -966,10 +966,12 @@ func newHTTPClient(config *ConnConfig) (*http.Client, error) {
|
|||
// Configure TLS if needed.
|
||||
var tlsConfig *tls.Config
|
||||
if !config.DisableTLS {
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(config.Certificates)
|
||||
tlsConfig = &tls.Config{
|
||||
RootCAs: pool,
|
||||
if len(config.Certificates) > 0 {
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(config.Certificates)
|
||||
tlsConfig = &tls.Config{
|
||||
RootCAs: pool,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -990,12 +992,14 @@ func dial(config *ConnConfig) (*websocket.Conn, error) {
|
|||
var tlsConfig *tls.Config
|
||||
var scheme = "ws"
|
||||
if !config.DisableTLS {
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(config.Certificates)
|
||||
tlsConfig = &tls.Config{
|
||||
RootCAs: pool,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
if len(config.Certificates) > 0 {
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(config.Certificates)
|
||||
tlsConfig.RootCAs = pool
|
||||
}
|
||||
scheme = "wss"
|
||||
}
|
||||
|
||||
|
|
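Review bot: The result of `pool.AppendCertsFromPEM(config.Certificates)` is still discarded in both newHTTPClient and dial, so a non-empty Certificates value with no parseable PEM block yields an empty root pool and every handshake fails with an unknown-authority error instead of a clear configuration error. Both functions return an error, so each call can become `if !pool.AppendCertsFromPEM(config.Certificates) { return nil, errors.New("no valid PEM certificates in config.Certificates") }` (whether `errors` is already imported is not visible here). As far as the rendered sides can be read, dial keeps `MinVersion: tls.VersionTLS12` on the config it always builds while newHTTPClient sets only `RootCAs`; if the floor is meant for both paths, add `MinVersion: tls.VersionTLS12` there as well. An empty Certificates now widens trust from a pinned pool to the whole system root store, so the doc comment on the Certificates field should say so. Both function bodies continue outside the hunks.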