|
@@ -36,15 +36,12 @@ const (
|
|
|
ConnectTimeout
|
|
ConnectTimeout
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
-func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
|
|
|
|
|
|
|
+func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
|
|
|
tlsConfig := tls.Config{
|
|
tlsConfig := tls.Config{
|
|
|
RootCAs: roots,
|
|
RootCAs: roots,
|
|
|
// Avoid fallback to SSL protocols < TLS1.0
|
|
// Avoid fallback to SSL protocols < TLS1.0
|
|
|
- MinVersion: tls.VersionTLS10,
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- if cert != nil {
|
|
|
|
|
- tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
|
|
|
|
|
|
|
+ MinVersion: tls.VersionTLS10,
|
|
|
|
|
+ Certificates: certs,
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if !secure {
|
|
if !secure {
|
|
@@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
|
|
|
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
|
|
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
|
|
|
var (
|
|
var (
|
|
|
pool *x509.CertPool
|
|
pool *x509.CertPool
|
|
|
- certs []*tls.Certificate
|
|
|
|
|
|
|
+ certs []tls.Certificate
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
if secure && req.URL.Scheme == "https" {
|
|
if secure && req.URL.Scheme == "https" {
|
|
@@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
return nil, nil, err
|
|
return nil, nil, err
|
|
|
}
|
|
}
|
|
|
- certs = append(certs, &cert)
|
|
|
|
|
|
|
+ certs = append(certs, cert)
|
|
|
}
|
|
}
|
|
|
if strings.HasSuffix(f.Name(), ".key") {
|
|
if strings.HasSuffix(f.Name(), ".key") {
|
|
|
keyName := f.Name()
|
|
keyName := f.Name()
|
|
@@ -159,19 +156,9 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
|
|
|
return res, client, nil
|
|
return res, client, nil
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- for i, cert := range certs {
|
|
|
|
|
- client := newClient(jar, pool, cert, timeout, secure)
|
|
|
|
|
- res, err := client.Do(req)
|
|
|
|
|
- // If this is the last cert, otherwise, continue to next cert if 403 or 5xx
|
|
|
|
|
- if i == len(certs)-1 || err == nil &&
|
|
|
|
|
- res.StatusCode != 403 &&
|
|
|
|
|
- res.StatusCode != 404 &&
|
|
|
|
|
- res.StatusCode < 500 {
|
|
|
|
|
- return res, client, err
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- return nil, nil, nil
|
|
|
|
|
|
|
+ client := newClient(jar, pool, certs, timeout, secure)
|
|
|
|
|
+ res, err := client.Do(req)
|
|
|
|
|
+ return res, client, err
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func validateRepositoryName(repositoryName string) error {
|
|
func validateRepositoryName(repositoryName string) error {
|
Vincent Batts