Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #1164 from grongor/dont-use-default-http-client
Allow users to use custom HTTP client
  • Loading branch information
nickysemenza committed Jan 12, 2021
2 parents 23b638f + 7a59a7d commit 3cc617f
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 5 deletions.
5 changes: 4 additions & 1 deletion bundler/bundler.go
Expand Up @@ -32,6 +32,9 @@ import (
// When unspecified, downloaded intermediates are not saved.
var IntermediateStash string

// HTTPClient is an instance of http.Client that will be used for all HTTP requests.
var HTTPClient = http.DefaultClient

// BundleFlavor is named optimization strategy on certificate chain selection when bundling.
type BundleFlavor string

Expand Down Expand Up @@ -333,7 +336,7 @@ type fetchedIntermediate struct {
func fetchRemoteCertificate(certURL string) (fi *fetchedIntermediate, err error) {
log.Debugf("fetching remote certificate: %s", certURL)
var resp *http.Response
resp, err = http.Get(certURL)
resp, err = HTTPClient.Get(certURL)
if err != nil {
log.Debugf("failed HTTP get: %v", err)
return
Expand Down
11 changes: 7 additions & 4 deletions revoke/revoke.go
Expand Up @@ -25,6 +25,9 @@ import (
"github.com/cloudflare/cfssl/log"
)

// HTTPClient is an instance of http.Client that will be used for all HTTP requests.
var HTTPClient = http.DefaultClient

// HardFail determines whether the failure to check the revocation
// status of a certificate (i.e. due to network failure) causes
// verification to fail (a hard failure).
Expand Down Expand Up @@ -99,7 +102,7 @@ func revCheck(cert *x509.Certificate) (revoked, ok bool, err error) {

// fetchCRL fetches and parses a CRL.
func fetchCRL(url string) (*pkix.CertificateList, error) {
resp, err := http.Get(url)
resp, err := HTTPClient.Get(url)
if err != nil {
return nil, err
} else if resp.StatusCode >= 300 {
Expand Down Expand Up @@ -205,7 +208,7 @@ func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error
}

func fetchRemote(url string) (*x509.Certificate, error) {
resp, err := http.Get(url)
resp, err := HTTPClient.Get(url)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -278,10 +281,10 @@ func sendOCSPRequest(server string, req []byte, leaf, issuer *x509.Certificate)
var err error
if len(req) > 256 {
buf := bytes.NewBuffer(req)
resp, err = http.Post(server, "application/ocsp-request", buf)
resp, err = HTTPClient.Post(server, "application/ocsp-request", buf)
} else {
reqURL := server + "/" + neturl.QueryEscape(base64.StdEncoding.EncodeToString(req))
resp, err = http.Get(reqURL)
resp, err = HTTPClient.Get(reqURL)
}

if err != nil {
Expand Down

0 comments on commit 3cc617f

Please sign in to comment.