diff --git a/cmd/client-s3.go b/cmd/client-s3.go
index 6b3a167757..df69cf92bf 100644
--- a/cmd/client-s3.go
+++ b/cmd/client-s3.go
@@ -137,50 +137,55 @@ func newFactory() func(config *Config) (Client, *probe.Error) {
 creds = credentials.NewStaticV2(config.AccessKey, config.SecretKey, "")
 }
- tr := &http.Transport{
- Proxy: http.ProxyFromEnvironment,
- DialContext: (&net.Dialer{
- Timeout: 10 * time.Second,
- KeepAlive: 15 * time.Second,
- }).DialContext,
- MaxIdleConnsPerHost: 256,
- IdleConnTimeout: 90 * time.Second,
- TLSHandshakeTimeout: 10 * time.Second,
- ExpectContinueTimeout: 10 * time.Second,
- // Set this value so that the underlying transport round-tripper
- // doesn't try to auto decode the body of objects with
- // content-encoding set to `gzip`.
- //
- // Refer:
- // https://golang.org/src/net/http/transport.go?h=roundTrip#L1843
- DisableCompression: true,
- }
+ var transport http.RoundTripper
- if useTLS {
- // Keep TLS config.
- tlsConfig := &tls.Config{
- RootCAs: globalRootCAs,
- // Can't use SSLv3 because of POODLE and BEAST
- // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
- // Can't use TLSv1.1 because of RC4 cipher usage
- MinVersion: tls.VersionTLS12,
+ if config.Transport != nil {
+ transport = config.Transport
+ } else {
+ tr := &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 10 * time.Second,
+ KeepAlive: 15 * time.Second,
+ }).DialContext,
+ MaxIdleConnsPerHost: 256,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 10 * time.Second,
+ // Set this value so that the underlying transport round-tripper
+ // doesn't try to auto decode the body of objects with
+ // content-encoding set to `gzip`.
+ //
+ // Refer:
+ // https://golang.org/src/net/http/transport.go?h=roundTrip#L1843
+ DisableCompression: true,
 }
- if config.Insecure {
- tlsConfig.InsecureSkipVerify = true
+ if useTLS {
+ // Keep TLS config.
+ tlsConfig := &tls.Config{
+ RootCAs: globalRootCAs,
+ // Can't use SSLv3 because of POODLE and BEAST
+ // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+ // Can't use TLSv1.1 because of RC4 cipher usage
+ MinVersion: tls.VersionTLS12,
+ }
+ if config.Insecure {
+ tlsConfig.InsecureSkipVerify = true
+ }
+ tr.TLSClientConfig = tlsConfig
+
+ // Because we create a custom TLSClientConfig, we have to opt-in to HTTP/2.
+ // See https://github.com/golang/go/issues/14275
+ //
+ // TODO: Enable http2.0 when upstream issues related to HTTP/2 are fixed.
+ //
+ // if e = http2.ConfigureTransport(tr); e != nil {
+ // return nil, probe.NewError(e)
+ // }
 }
- tr.TLSClientConfig = tlsConfig
-
- // Because we create a custom TLSClientConfig, we have to opt-in to HTTP/2.
- // See https://github.com/golang/go/issues/14275
- //
- // TODO: Enable http2.0 when upstream issues related to HTTP/2 are fixed.
- //
- // if e = http2.ConfigureTransport(tr); e != nil {
- // return nil, probe.NewError(e)
- // }
+ transport = tr
 }
- var transport http.RoundTripper = tr
 if config.Debug {
 if strings.EqualFold(config.Signature, "S3v4") {
 transport = httptracer.GetNewTraceTransport(newTraceV4(), transport)
diff --git a/cmd/client.go b/cmd/client.go
index 0eae9ebc64..f93836c396 100644
--- a/cmd/client.go
+++ b/cmd/client.go
@@ -19,6 +19,7 @@ package cmd
 import (
 "context"
 "io"
+ "net/http"
 "os"
 "time"
@@ -194,6 +195,7 @@ type Config struct {
 Debug bool
 Insecure bool
 Lookup minio.BucketLookupType
+ Transport *http.Transport
 }
 // SelectObjectOpts - opts entered for select API
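Review bot: In the `config.Transport != nil` branch the caller's transport is used as-is, so none of the TLS settings built in the `else` branch apply: `RootCAs: globalRootCAs`, `MinVersion: tls.VersionTLS12` and the `config.Insecure` switch are all skipped. A supplied transport whose `TLSClientConfig` sets `InsecureSkipVerify` therefore disables certificate verification even when `config.Insecure` is false. Consider failing closed on that mismatch when `useTLS` is set, for example `if c := config.Transport.TLSClientConfig; useTLS && c != nil && c.InsecureSkipVerify && !config.Insecure { /* return an error */ }`, and checking `c.MinVersion` against `tls.VersionTLS12` in the same place. `DisableCompression: true` is likewise not enforced on a supplied transport, so the gzip auto-decoding that the existing comment warns about can come back. newFactory's body starts and ends outside the hunk, so how `transport` is used afterwards is not visible here.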
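Review bot: The new `Transport` field on `Config` has no comment, and nothing in the struct tells a caller that setting it changes what `Insecure` means. Add a field comment such as `// Transport, when non-nil, replaces the default HTTP transport; RootCAs, MinVersion and Insecure are then not applied and TLS settings are the caller's responsibility.` If one `*http.Transport` is handed to several `Config` values, its TLS configuration and connection pool are presumably shared across them, which is worth stating in the same comment. The `Config` struct starts outside the hunk.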