Use CAFile even if client certificate is not specified

Jordan Liggitt
2015-01-12 16:38:48 -05:00
parent 6f43074143
commit 1f8a74626f
3 changed files with 33 additions and 2 deletions


@@ -186,9 +186,12 @@ func RESTClientFor(config *Config) (*RESTClient, error) {
// default http.DefaultTransport if no special case behavior is needed.
func TransportFor(config *Config) (http.RoundTripper, error) {
// Set transport level security
if config.Transport != nil && (config.CertFile != "" || config.Insecure) {
if config.Transport != nil && (config.CAFile != "" || config.CertFile != "" || config.Insecure) {
return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
}
if config.CAFile != "" && config.Insecure {
return nil, fmt.Errorf("specifying a root certificates file with the insecure flag is not allowed")
}
var transport http.RoundTripper
switch {
case config.Transport != nil:
@@ -199,6 +202,12 @@ func TransportFor(config *Config) (http.RoundTripper, error) {
return nil, err
}
transport = t
case config.CAFile != "":
t, err := NewTLSTransport(config.CAFile)
if err != nil {
return nil, err
}
transport = t
case config.Insecure:
transport = NewUnsafeTLSTransport()
default:
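Review bot: In TransportFor, the new guard rejects CAFile together with Insecure, but CertFile together with Insecure still passes both checks and is settled only by case order in the switch. The case that ends with `transport = t` just before `case config.CAFile != "":` begins outside the hunk, so its condition is not visible here. If it is the client-certificate case, Insecure is silently ignored on that path, and whether the server certificate is verified when no CAFile is given depends on a constructor that is not shown. I would make the precedence explicit with a comment above the switch, for example `// Precedence: custom Transport, client certificate, CAFile, then Insecure; CAFile with Insecure is rejected above.`, and confirm that a caller who sets Insecure alongside a client certificate gets the verification behaviour they expect, not one decided by case order.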