// tlsConfig builds a tls.Config for dialing the upstream host. Constructed
// tls.Configs are cached on a per-masquerade basis to enable client session
// caching and reduce the amount of PEM certificate parsing.
//
// The cache key is "" for a nil masquerade (ServerName is then serverInfo.Host)
// and "domain|rootCA" otherwise (ServerName is the masquerade domain).
// InsecureSkipVerify is copied straight from serverInfo, so a true value there
// disables certificate verification for every config built here.
// NOTE(review): a malformed masquerade RootCA PEM terminates the process via
// log.Fatalf rather than returning an error to the caller.
func (serverInfo *ServerInfo) tlsConfig(masquerade *Masquerade) *tls.Config {
	serverInfo.tlsConfigsMutex.Lock()
	defer serverInfo.tlsConfigsMutex.Unlock()

	// Lazily initialise the per-key cache on first use.
	if serverInfo.tlsConfigs == nil {
		serverInfo.tlsConfigs = make(map[string]*tls.Config)
	}

	key, name := "", serverInfo.Host
	if masquerade != nil {
		key = masquerade.Domain + "|" + masquerade.RootCA
		name = masquerade.Domain
	}

	// Cache hit: hand back the shared config (the deferred Unlock still runs).
	if cached := serverInfo.tlsConfigs[key]; cached != nil {
		return cached
	}

	cfg := &tls.Config{
		ClientSessionCache: tls.NewLRUClientSessionCache(1000),
		InsecureSkipVerify: serverInfo.InsecureSkipVerify,
		ServerName:         name,
	}
	if masquerade != nil && masquerade.RootCA != "" {
		// Trust is rooted in the masquerade's own CA certificate; the pool is
		// presumably limited to that single cert (PoolContainingCert is a
		// project helper — confirm), so the system roots are not consulted.
		rootCert, err := keyman.LoadCertificateFromPEMBytes([]byte(masquerade.RootCA))
		if err != nil {
			log.Fatalf("Unable to load root ca cert: %s", err)
		}
		cfg.RootCAs = rootCert.PoolContainingCert()
	}
	serverInfo.tlsConfigs[key] = cfg
	return cfg
}
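// InConfigDir returns the path to the given filename inside of the configDir.
// When configDir is empty the filename is returned unchanged, so it resolves
// relative to the process working directory.
//
// The directory is created on first use when os.Stat reports it missing; a
// failure to create it is fatal. Any other os.Stat error (for example a
// permission problem) is deliberately left alone and will surface when the
// caller opens the returned path. The filename is joined verbatim — it is not
// cleaned or checked for separators or "..", so callers should only pass
// names they control.
func InConfigDir(filename string) string {
	if *configDir == "" {
		return filename
	}
	if _, err := os.Stat(*configDir); err != nil && os.IsNotExist(err) {
		// Create config dir. 0755 makes it readable and traversable by every
		// local user; NOTE(review): if secret material is written here a
		// tighter mode (0700) may be appropriate — confirm against the data
		// actually stored in the directory.
		if err := os.MkdirAll(*configDir, 0755); err != nil {
			log.Fatalf("Unable to create configDir at %s: %s", *configDir, err)
		}
	}
	return fmt.Sprintf("%s%c%s", *configDir, os.PathSeparator, filename)
}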