Skip to content

Commit

Permalink
[improve] let tlsoptions include std tlsconfig
Browse files Browse the repository at this point in the history
Signed-off-by: lookupman <lookupman@163.com>
  • Loading branch information
dream-kzx committed Sep 29, 2024
1 parent 630d5f8 commit 3f83f50
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 19 deletions.
2 changes: 2 additions & 0 deletions pulsar/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,8 @@ type ClientOptions struct {
// TLSMaxVersion contains the maximum TLS version that is acceptable. See tls.Config MaxVersion for more information.
TLSMaxVersion uint16

TLSConfig *tls.Config

// Configure the net model for vpc user to connect the pulsar broker
ListenerName string

Expand Down
1 change: 1 addition & 0 deletions pulsar/client_impl.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ func newClient(options ClientOptions) (Client, error) {
CipherSuites: options.TLSCipherSuites,
MinVersion: options.TLSMinVersion,
MaxVersion: options.TLSMaxVersion,
TLSConfig: options.TLSConfig,
}
default:
return nil, newError(InvalidConfiguration, fmt.Sprintf("Invalid URL scheme '%s'", url.Scheme))
Expand Down
5 changes: 5 additions & 0 deletions pulsar/internal/connection.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ type TLSOptions struct {
CipherSuites []uint16
MinVersion uint16
MaxVersion uint16
TLSConfig *tls.Config
}

var (
Expand Down Expand Up @@ -1083,6 +1084,10 @@ func (c *connection) closed() bool {
}

func (c *connection) getTLSConfig() (*tls.Config, error) {
if c.tlsOptions.TLSConfig != nil {
return c.tlsOptions.TLSConfig, nil
}

tlsConfig := &tls.Config{
InsecureSkipVerify: c.tlsOptions.AllowInsecureConnection,
CipherSuites: c.tlsOptions.CipherSuites,
Expand Down
42 changes: 23 additions & 19 deletions pulsar/internal/http_client.go
Original file line number Diff line number Diff line change
Expand Up @@ -339,29 +339,33 @@ func responseError(resp *http.Response) error {
func getDefaultTransport(tlsConfig *TLSOptions) (http.RoundTripper, error) {
transport := http.DefaultTransport.(*http.Transport)
if tlsConfig != nil {
cfg := &tls.Config{
InsecureSkipVerify: tlsConfig.AllowInsecureConnection,
CipherSuites: tlsConfig.CipherSuites,
MinVersion: tlsConfig.MinVersion,
MaxVersion: tlsConfig.MaxVersion,
}
if len(tlsConfig.TrustCertsFilePath) > 0 {
rootCA, err := os.ReadFile(tlsConfig.TrustCertsFilePath)
if err != nil {
return nil, err
if tlsConfig.TLSConfig != nil {
transport.TLSClientConfig = tlsConfig.TLSConfig
} else {
cfg := &tls.Config{
InsecureSkipVerify: tlsConfig.AllowInsecureConnection,
CipherSuites: tlsConfig.CipherSuites,
MinVersion: tlsConfig.MinVersion,
MaxVersion: tlsConfig.MaxVersion,
}
if len(tlsConfig.TrustCertsFilePath) > 0 {
rootCA, err := os.ReadFile(tlsConfig.TrustCertsFilePath)
if err != nil {
return nil, err
}
cfg.RootCAs = x509.NewCertPool()
cfg.RootCAs.AppendCertsFromPEM(rootCA)
}
cfg.RootCAs = x509.NewCertPool()
cfg.RootCAs.AppendCertsFromPEM(rootCA)
}

if tlsConfig.CertFile != "" && tlsConfig.KeyFile != "" {
cert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
if err != nil {
return nil, errors.New(err.Error())
if tlsConfig.CertFile != "" && tlsConfig.KeyFile != "" {
cert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
if err != nil {
return nil, errors.New(err.Error())
}
cfg.Certificates = []tls.Certificate{cert}
}
cfg.Certificates = []tls.Certificate{cert}
transport.TLSClientConfig = cfg
}
transport.TLSClientConfig = cfg
}
transport.MaxIdleConnsPerHost = 10
return transport, nil
Expand Down

0 comments on commit 3f83f50

Please sign in to comment.