// tlsConfig builds a tls.Config for dialing the upstream host. Constructed
// tls.Configs are cached on a per-masquerade basis to enable client session
// caching and reduce the amount of PEM certificate parsing.
func (serverInfo *ServerInfo) tlsConfig(masquerade *Masquerade) *tls.Config {
serverInfo.tlsConfigsMutex.Lock()
defer serverInfo.tlsConfigsMutex.Unlock()
if serverInfo.tlsConfigs == nil {
serverInfo.tlsConfigs = make(map[string]*tls.Config)
}
configKey := ""
serverName := serverInfo.Host
if masquerade != nil {
configKey = masquerade.Domain + "|" + masquerade.RootCA
serverName = masquerade.Domain
}
tlsConfig := serverInfo.tlsConfigs[configKey]
if tlsConfig == nil {
tlsConfig = &tls.Config{
ClientSessionCache: tls.NewLRUClientSessionCache(1000),
InsecureSkipVerify: serverInfo.InsecureSkipVerify,
ServerName: serverName,
}
if masquerade != nil && masquerade.RootCA != "" {
caCert, err := keyman.LoadCertificateFromPEMBytes([]byte(masquerade.RootCA))
if err != nil {
log.Fatalf("Unable to load root ca cert: %s", err)
}
tlsConfig.RootCAs = caCert.PoolContainingCert()
}
serverInfo.tlsConfigs[configKey] = tlsConfig
}
return tlsConfig
}
// InConfigDir returns the path to the given filename inside of the configDir.
func InConfigDir(filename string) string {
if *configDir == "" {
return filename
} else {
if _, err := os.Stat(*configDir); err != nil {
if os.IsNotExist(err) {
// Create config dir
if err := os.MkdirAll(*configDir, 0755); err != nil {
log.Fatalf("Unable to create configDir at %s: %s", *configDir, err)
}
}
}
return fmt.Sprintf("%s%c%s", *configDir, os.PathSeparator, filename)
}
}
