package healthcheck
import (
	"crypto/tls"
	"crypto/x509"
	"net"
	"net/http"
	"time"
)
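// RoundTripper returns a specially configured round tripper. When the client
// is used to connect to a remote TLS server (e.g.
// openshift.<random>.osadev.cloud), it will in fact dial dialHost (e.g.
// <random>.<location>.cloudapp.azure.com), keeping the port from the request
// URL. It will then negotiate TLS against the former address (i.e.
// openshift.<random>.osadev.cloud), so SNI and hostname verification use the
// name from the URL and never dialHost.
//
// cert is installed as the only trust anchor (RootCAs), and the system roots
// are not consulted. A self-signed serving certificate is therefore
// effectively pinned. If cert is a CA certificate, however, any certificate
// it issued for the requested name is accepted, not just one exact
// certificate.
//
// cert must be non-nil: x509.CertPool.AddCert panics on a nil certificate.
func RoundTripper(dialHost string, cert *x509.Certificate) http.RoundTripper {
	// http.Transport ignores TLSHandshakeTimeout when DialTLS is set, so both
	// phases are bounded here. The values mirror http.DefaultTransport.
	const (
		dialTimeout      = 30 * time.Second
		handshakeTimeout = 10 * time.Second
	)

	pool := x509.NewCertPool()
	pool.AddCert(cert)

	dialer := &net.Dialer{Timeout: dialTimeout}

	return &http.Transport{
		DialTLS: func(network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}

			// Connect to dialHost, not to the host named in the URL.
			c, err := dialer.Dial(network, net.JoinHostPort(dialHost, port))
			if err != nil {
				return nil, err
			}

			tc := tls.Client(c, &tls.Config{
				// A non-nil pool holding only cert: verification fails
				// closed for anything that does not chain to it.
				RootCAs: pool,
				// Verify the certificate against the URL's host name.
				ServerName: host,
				// Explicit floor, so the result does not depend on the
				// toolchain's default minimum version.
				MinVersion: tls.VersionTLS12,
			})

			// DialTLS is documented to return a connection that is already
			// past the handshake. Completing it here surfaces verification
			// failures at dial time and stops a stalled peer from holding
			// the connection open indefinitely.
			if err := c.SetDeadline(time.Now().Add(handshakeTimeout)); err != nil {
				c.Close()
				return nil, err
			}
			if err := tc.Handshake(); err != nil {
				c.Close()
				return nil, err
			}
			// Clear the deadline so it does not apply to later HTTP traffic.
			if err := c.SetDeadline(time.Time{}); err != nil {
				c.Close()
				return nil, err
			}

			return tc, nil
		},
	}
}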