package httpclient
import (
"crypto/tls"
"crypto/x509"
"net"
"net/http"
"time"
"github.com/pivotal-cf/paraphernalia/secure/tlsconfig"
)
// NewMutualTLSClient returns an *http.Client that authenticates itself with
// identity (client certificate + key) and accepts only servers whose chain
// roots in caCertPool.
//
// The TLS config is produced by tlsconfig.Build with WithIdentity and
// WithInternalServiceDefaults, then converted to a client config through
// WithAuthority(caCertPool). Nothing in this function sets
// InsecureSkipVerify; whatever minimum version / cipher suites apply come
// from the tlsconfig helpers and are not visible here.
//
// serverName is copied into TLSClientConfig.ServerName. When it is non-empty
// it fixes the identity every server must present, independent of the URL
// host, which is presumably the intent for an internal mTLS peer. When it is
// empty, net/http is documented to fill ServerName from the request host at
// dial time, so verification then falls back to the URL host.
//
// Timeouts: the client-level Timeout (10s) bounds the whole exchange,
// including reading the response body, so the dialer's 30s Timeout and the
// 10s TLSHandshakeTimeout can never extend beyond it. Callers needing long
// transfers (uploads/downloads) should be aware of that cap.
//
// Parameters:
//   identity   - certificate/key pair offered in the mTLS handshake.
//   caCertPool - trust anchors handed to tlsconfig.WithAuthority; the effect
//                of a nil pool depends on that helper (confirm before relying
//                on it).
//   serverName - expected server name for verification and SNI.
//
// The client keeps up to 100 idle connections; reuse one instance rather
// than building a client per request.
func NewMutualTLSClient(identity tls.Certificate, caCertPool *x509.CertPool, serverName string) *http.Client {
	base := tlsconfig.Build(
		tlsconfig.WithIdentity(identity),
		tlsconfig.WithInternalServiceDefaults(),
	)

	cfg := base.Client(tlsconfig.WithAuthority(caCertPool))
	cfg.ServerName = serverName
	// NOTE(review): NameToCertificate is only consulted for SNI-based
	// selection on the server side, so this is a no-op for a client, and the
	// method is deprecated since Go 1.14. Retained for parity; safe to drop
	// once the module's minimum Go version is >= 1.14.
	cfg.BuildNameToCertificate()

	dialer := &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		// Deprecated since Go 1.12 (dual-stack fast fallback is the default)
		// but harmless; kept so older toolchains behave the same.
		DualStack: true,
	}

	transport := &http.Transport{
		DialContext:           dialer.DialContext,
		TLSClientConfig:       cfg,
		TLSHandshakeTimeout:   10 * time.Second,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
	}

	return &http.Client{
		Transport: transport,
		Timeout:   10 * time.Second,
	}
}