func configureTransport(t1 *http.Transport) error {
	connPool := new(clientConnPool)
	t2 := &Transport{ConnPool: noDialClientConnPool{connPool}}
	if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
		return err
	}
	if t1.TLSClientConfig == nil {
		t1.TLSClientConfig = new(tls.Config)
	}
	if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
	}
	upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
		cc, err := t2.NewClientConn(c)
		if err != nil {
			c.Close()
			return erringRoundTripper{err}
		}
		connPool.addConn(authorityAddr(authority), cc)
		return t2
	}
	if m := t1.TLSNextProto; len(m) == 0 {
		t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
			"h2": upgradeFn,
		}
	} else {
		m["h2"] = upgradeFn
	}
	return nil
}
Example #2
0
func (auth *Auth) NewClient() *http.Client {
	var client *http.Client
	var transport *http.Transport
	if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" {
		transport = &http.Transport{}
	}
	if auth.Settings["insecure"] != "" {
		//FIXME
		os.Setenv("HTTP_PROXY", "http://127.0.0.1:10004")
		os.Setenv("NO_PROXY", "")
		var config *tls.Config = &tls.Config{
			InsecureSkipVerify: true,
		}
		transport.TLSClientConfig = config
	}
	if auth.Settings["proxy_host"] != "" {
		turl, _ := url.Parse("http://" + auth.Settings["proxy_host"] + ":" + auth.Settings["proxy_port"])
		transport.Proxy = http.ProxyURL(turl)
	}
	if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" {
		client = &http.Client{
			Jar:       auth.CookieJar,
			Transport: transport,
		}
	} else {
		client = &http.Client{
			Jar: auth.CookieJar,
		}
	}
	return client
}
Example #3
0
// Creates a new HTTP connection pool using the given address and pool parameters.
//
// 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for
// HTTP/HTTPS traffic.  It will be used as the hostname by default for virtual hosting
// and SSL certificate validation; if you'd like to use a different hostname,
// set params.HostHeader.
func NewSimplePool(addr string, params ConnectionParams) *SimplePool {
	pool := &SimplePool{
		addr:   addr,
		params: params,
		client: new(http.Client),
	}

	// setup HTTP transport
	transport := new(http.Transport)
	transport.ResponseHeaderTimeout = params.ResponseTimeout
	transport.MaxIdleConnsPerHost = params.MaxIdle
	transport.Proxy = http.ProxyFromEnvironment
	if params.Dial == nil {
		// dialTimeout could only be used in none proxy requests since it talks directly
		// to pool.addr
		if getenvEitherCase("HTTP_PROXY") == "" {
			transport.Dial = pool.dialTimeout
		}
	} else {
		transport.Dial = params.Dial
	}
	pool.transport = transport
	pool.client.Transport = transport

	if params.UseSSL && params.SkipVerifySSL {
		transport.TLSClientConfig = &tls.Config{
			InsecureSkipVerify: true,
		}
	}

	return pool
}
Example #4
0
// Creates a new Client with the provided options.
func New(o Options) (*Client, error) {
	if len(o.Endpoints) == 0 {
		return nil, missingEtcdEndpoint
	}

	if o.Timeout == 0 {
		o.Timeout = defaultTimeout
	}

	httpClient := &http.Client{Timeout: o.Timeout}

	if o.Insecure {
		var transport *http.Transport
		if dt, ok := http.DefaultTransport.(*http.Transport); ok {
			dtc := *dt
			transport = &dtc
		} else {
			transport = &http.Transport{
				Proxy: http.ProxyFromEnvironment,
				Dial: (&net.Dialer{
					Timeout:   30 * time.Second,
					KeepAlive: 30 * time.Second}).Dial,
				TLSHandshakeTimeout: 10 * time.Second}
		}

		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		httpClient.Transport = transport
	}

	return &Client{
		endpoints:  o.Endpoints,
		routesRoot: o.Prefix + routesPath,
		client:     httpClient,
		etcdIndex:  0}, nil
}
Example #5
0
func main() {

	transport := new(http.Transport)
	transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

	client := new(http.Client)

	client.Transport = transport

	url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		panic(err)
	}

	creds := convertCredentials("admin", "admin")

	req.Header.Add("Authorization", "Basic "+creds)

	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}

	fmt.Println(resp)

}
Example #6
0
func main() {
	flag.Parse()

	if *port == 0 {
		xport, err := strconv.Atoi(os.Getenv("PORT"))
		if err != nil {
			fmt.Println("Please specify the HTTP port (either flag or environment)")
			os.Exit(1)
		}
		*port = xport
	}

	if flag.NArg() < 1 {
		fmt.Println("Specify remote URL on the command line")
		os.Exit(1)
	}

	remote, err := url.Parse(flag.Arg(0))
	if err != nil {
		fmt.Println("error parsing remote URL", err)
		os.Exit(1)
	}

	transport := new(http.Transport)

	switch remote.Scheme {
	case "http":
		if *ca != "" {
			log.Println("ignoring ca flag for non-https remote")
		}

	case "https":
		if *ca != "" {
			pool := x509.NewCertPool()
			data, err := ioutil.ReadFile(*ca)
			if err != nil {
				log.Fatal(err)
				os.Exit(1)
			}
			pool.AppendCertsFromPEM(data)
			tlsconfig := new(tls.Config)
			tlsconfig.RootCAs = pool
			transport.TLSClientConfig = tlsconfig
		}

	default:
		fmt.Println("unsupported remote scheme:", remote.Scheme)
		os.Exit(1)
	}

	rp := &ReverseProxy{
		remote,
		transport,
	}

	log.Fatal(http.ListenAndServe(
		fmt.Sprintf(":%v", *port), rp))
}
Example #7
0
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client {
	var jar *cookiejar.Jar
	if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() {
		jar, _ = cookiejar.New(nil)
	}

	var timeout time.Duration

	// from http.DefaultTransport;
	//
	// TODO: change this back (see comment below) to allow
	// shared Transport after we switch to go1.7
	xprt := http.Transport{
		Proxy: http.ProxyFromEnvironment,
		Dial: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).Dial,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
	}

	// This disables HTTP/2. There's a bug introduced between (go1.6, go1.6.3]
	// that makes client.Get hang on certain HTTP/2 servers. See CORE-3441 for
	// details.
	//
	// TODO: remove this after the bug is fixed.
	xprt.TLSNextProto = make(
		map[string]func(authority string, c *tls.Conn) http.RoundTripper)

	if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() {
		if config != nil && config.RootCAs != nil {
			xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs}
		}
		if e.GetTorMode().Enabled() {
			dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy())
			xprt.Dial = dialSocksProxy
		} else {
			xprt.Proxy = http.ProxyFromEnvironment
		}
	}
	if config == nil || config.Timeout == 0 {
		timeout = HTTPDefaultTimeout
	} else {
		timeout = config.Timeout
	}

	ret := &Client{
		cli:    &http.Client{Timeout: timeout},
		config: config,
	}
	if jar != nil {
		ret.cli.Jar = jar
	}
	ret.cli.Transport = &xprt
	return ret
}
Example #8
0
File: http.go Project: lopaka/rsc
// newRawClient creates an http package Client taking into account both the parameters and package
// variables.
func newRawClient(noredirect bool) *http.Client {
	tr := http.Transport{ResponseHeaderTimeout: ResponseHeaderTimeout, Proxy: http.ProxyFromEnvironment}
	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: NoCertCheck}
	c := http.Client{Transport: &tr}
	if noredirect {
		c.CheckRedirect = func(*http.Request, []*http.Request) error {
			return fmt.Errorf(noRedirectError)
		}
	}
	return &c
}
Example #9
0
func main() {

	transport := new(http.Transport)
	transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

	client := new(http.Client)

	client.Transport = transport

	url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d/log/9429c03e-a07a-48ef-8a74-a4c2ace992a2"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		panic(err)
	}

	creds := convertCredentials("admin", "admin")

	req.Header.Add("Authorization", "Basic "+creds)

	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}

	//	bytes, err := ioutil.ReadAll(resp.Body)
	//	if err != nil {
	//		panic(err)
	//	}

	//temp := resp.Header["Content-Disposition"]
	//temp2 := string.Fields("[attachment; filename=")
	//temp2 := strings.Trim(temp, "[attachment; filename=")
	//fmt.Println(temp2)
	//fmt.Println(bytes)
	//var result map[string]interface{}
	//err = json.Unmarshal(bytes, &result)
	//if err != nil {
	//		panic(err)
	//	}
	//	fmt.Println(result)

	/*
		defer resp.Body.Close()
		out, err := os.Create("filename.tar.gz")
		if err != nil {
			panic(err)
		}
		defer out.Close()
		io.Copy(out, resp.Body)
		fmt.Println(out)
	*/
}
Example #10
0
// New creates a new JSON-RPC over HTTPS client which uses the given
// certificate file to communicate with the server if the scheme of the URL is
// https.
func New(URL string, cert []byte) (*URLClient, error) {
	var pool *x509.CertPool
	transport := new(http.Transport)
	urlparsed, err := url.Parse(URL)
	if err != nil {
		return nil, err
	}
	if urlparsed.Scheme == "https" {
		pool = x509.NewCertPool()
		if !pool.AppendCertsFromPEM(cert) {
			return nil, ErrCertLoad
		}
		transport.TLSClientConfig = &tls.Config{RootCAs: pool}
	}
	return &URLClient{transport: transport, curl: URL}, nil
}
Example #11
0
// Creates a new HTTP connection pool using the given address and pool parameters.
//
// 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for
// HTTP/HTTPS traffic.  It will be used as the hostname by default for virtual hosting
// and SSL certificate validation; if you'd like to use a different hostname,
// set params.HostHeader.
func NewSimplePool(addr string, params ConnectionParams) *SimplePool {
	pool := &SimplePool{
		addr:   addr,
		params: params,
		client: new(http.Client),
	}

	// It's desirable to enforce the timeout at the client-level since it
	// includes the connection time, redirects and the time to finish reading
	// the full response. Unlike ResponseHeaderTimeout supported by
	// `http.Transport` which merely accounts for the timeout to receive the
	// first response header byte. It ignores the time to send the request or
	// the time to read the full response.
	pool.client.Timeout = params.ResponseTimeout

	// setup HTTP transport
	transport := new(http.Transport)
	transport.ResponseHeaderTimeout = params.ResponseTimeout
	transport.MaxIdleConnsPerHost = params.MaxIdle

	if params.Proxy != nil {
		transport.Proxy = params.Proxy
	} else {
		transport.Proxy = http.ProxyFromEnvironment
	}

	if params.Dial == nil {
		// dialTimeout could only be used in none proxy requests since it talks directly
		// to pool.addr
		if getenvEitherCase("HTTP_PROXY") == "" && params.Proxy == nil {
			transport.Dial = pool.dialTimeout
		}
	} else {
		transport.Dial = params.Dial
	}
	pool.transport = transport
	pool.client.Transport = transport

	if params.UseSSL && params.SkipVerifySSL {
		transport.TLSClientConfig = &tls.Config{
			InsecureSkipVerify: true,
		}
	}

	return pool
}
func configureTransport(t1 *http.Transport) (*Transport, error) {
	connPool := new(clientConnPool)
	t2 := &Transport{
		ConnPool: noDialClientConnPool{connPool},
		t1:       t1,
	}
	connPool.t = t2
	if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
		return nil, err
	}
	if t1.TLSClientConfig == nil {
		t1.TLSClientConfig = new(tls.Config)
	}
	if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
		t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
	}
	if !strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
		t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
	}
	upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
		addr := authorityAddr(authority)
		if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
			go c.Close()
			return erringRoundTripper{err}
		} else if !used {
			// Turns out we don't need this c.
			// For example, two goroutines made requests to the same host
			// at the same time, both kicking off TCP dials. (since protocol
			// was unknown)
			go c.Close()
		}
		return t2
	}
	if m := t1.TLSNextProto; len(m) == 0 {
		t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
			"h2": upgradeFn,
		}
	} else {
		m["h2"] = upgradeFn
	}
	return t2, nil
}
Example #13
0
func (c *HttpsTaobaoClient) Excute(request TaobaoRequest, response interface{}, accessToken string) ([]byte, error) {
	request.Set(METHOD, request.GetApiMethodName())
	request.Set(FORMAT, c.Format)
	request.Set(VERSION, c.Version)
	request.Set("access_token", accessToken)

	body := strings.NewReader(request.GetValues().Encode())
	req, err := http.NewRequest("POST", c.ServerUrl, body)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded") //必须

	transport := new(http.Transport)
	transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: false}

	client := new(http.Client)
	client.Transport = transport

	return clientDo(client, req, response)
}
Example #14
0
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client {
	var jar *cookiejar.Jar
	if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() {
		jar, _ = cookiejar.New(nil)
	}

	var xprt *http.Transport
	var timeout time.Duration

	if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() {
		xprt = &http.Transport{}
		if config != nil && config.RootCAs != nil {
			xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs}
		}
		if e.GetTorMode().Enabled() {
			dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy())
			xprt.Dial = dialSocksProxy
		} else {
			xprt.Proxy = http.ProxyFromEnvironment
		}
	}
	if config == nil || config.Timeout == 0 {
		timeout = HTTPDefaultTimeout
	} else {
		timeout = config.Timeout
	}

	ret := &Client{
		cli:    &http.Client{Timeout: timeout},
		config: config,
	}
	if jar != nil {
		ret.cli.Jar = jar
	}
	if xprt != nil {
		ret.cli.Transport = xprt
	}
	return ret
}
Example #15
0
// ConfigureTransport configures the http client transport (ssl, proxy)
func ConfigureTransport(insecure bool, clientCertFile string, clientKeyFile string, caCerts ...string) (*http.Transport, error) {
	Log.Debug("configure transport",
		"insecure", insecure,
		"clientCertFile", clientCertFile,
		"clientKeyFile", clientKeyFile,
		"cacerts", strings.Join(caCerts, ","),
	)
	transport := new(http.Transport)
	tlsConfig := &tls.Config{InsecureSkipVerify: insecure}
	if len(clientCertFile) != 0 && len(clientKeyFile) != 0 {
		clientCert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
		if err != nil {
			return nil, err
		}
		tlsConfig.Certificates = []tls.Certificate{clientCert}
	}
	if len(caCerts) > 0 {
		caCertPool := x509.NewCertPool()
		for _, cert := range caCerts {
			if len(cert) == 0 {
				continue
			}
			caCert, err := ioutil.ReadFile(cert)
			if err != nil {
				return nil, err
			}
			caCertPool.AppendCertsFromPEM(caCert)
		}
		tlsConfig.RootCAs = caCertPool
	}
	tlsConfig.BuildNameToCertificate()
	transport.TLSClientConfig = tlsConfig
	proxyURL, err := url.Parse(os.Getenv("http_proxy"))
	if err == nil {
		transport.Proxy = http.ProxyURL(proxyURL)
	}
	return transport, nil
}
Example #16
0
func Authenticate(name string, serverId string, sharedSecret []byte, publicKey []byte) (profile GameProfile, err error) {
	transport := new(http.Transport)
	transport.TLSClientConfig = new(tls.Config)
	transport.TLSClientConfig.RootCAs = x509.NewCertPool()
	transport.TLSClientConfig.RootCAs.AppendCertsFromPEM([]byte(Certificate))
	client := new(http.Client)
	client.Transport = transport
	response, err := client.Get(fmt.Sprintf(URL, name, MojangSha1Hex([]byte(serverId), sharedSecret, publicKey)))
	if err != nil {
		return
	}
	defer response.Body.Close()
	jsonDecoder := json.NewDecoder(response.Body)
	profile = GameProfile{}
	err = jsonDecoder.Decode(&profile)
	if err != nil {
		return
	}
	if len(profile.Id) != 32 {
		err = errors.New(fmt.Sprintf("Id is not 32 characters: %d", len(profile.Id)))
	}
	return
}
Example #17
0
// Transport returns an http.RoundTripper with the correct timeouts
func (ci *ConfigInfo) Transport() http.RoundTripper {
	noTransport.Do(func() {
		// Start with a sensible set of defaults then override.
		// This also means we get new stuff when it gets added to go
		t := new(http.Transport)
		setDefaults(t, http.DefaultTransport.(*http.Transport))
		t.Proxy = http.ProxyFromEnvironment
		t.MaxIdleConnsPerHost = 4 * (ci.Checkers + ci.Transfers + 1)
		t.TLSHandshakeTimeout = ci.ConnectTimeout
		t.ResponseHeaderTimeout = ci.Timeout
		t.TLSClientConfig = &tls.Config{InsecureSkipVerify: ci.InsecureSkipVerify}
		t.DisableCompression = *noGzip
		// Set in http_old.go initTransport
		//   t.Dial
		// Set in http_new.go initTransport
		//   t.DialContext
		//   t.IdelConnTimeout
		//   t.ExpectContinueTimeout
		ci.initTransport(t)
		// Wrap that http.Transport in our own transport
		transport = NewTransport(t, ci.DumpHeaders, ci.DumpBodies)
	})
	return transport
}
Example #18
0
// InstallAPI registers endpoints for an OAuth2 server into the provided mux,
// then returns an array of strings indicating what endpoints were started
// (these are format strings that will expect to be sent a single string value).
func (c *AuthConfig) InstallAPI(container *restful.Container) []string {
	// TODO: register into container
	mux := container.ServeMux

	accessTokenStorage := accesstokenetcd.NewREST(c.EtcdHelper)
	accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
	authorizeTokenStorage := authorizetokenetcd.NewREST(c.EtcdHelper)
	authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
	clientStorage := clientetcd.NewREST(c.EtcdHelper)
	clientRegistry := clientregistry.NewRegistry(clientStorage)
	clientAuthStorage := clientauthetcd.NewREST(c.EtcdHelper)
	clientAuthRegistry := clientauthregistry.NewRegistry(clientAuthStorage)

	authRequestHandler, authHandler, authFinalizer, err := c.getAuthorizeAuthenticationHandlers(mux)
	if err != nil {
		glog.Fatal(err)
	}

	storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, registry.NewUserConversion())
	config := osinserver.NewDefaultServerConfig()
	if c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds > 0 {
		config.AuthorizationExpiration = c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds
	}
	if c.Options.TokenConfig.AccessTokenMaxAgeSeconds > 0 {
		config.AccessExpiration = c.Options.TokenConfig.AccessTokenMaxAgeSeconds
	}

	grantChecker := registry.NewClientAuthorizationGrantChecker(clientAuthRegistry)
	grantHandler := c.getGrantHandler(mux, authRequestHandler, clientRegistry, clientAuthRegistry)

	server := osinserver.New(
		config,
		storage,
		osinserver.AuthorizeHandlers{
			handlers.NewAuthorizeAuthenticator(
				authRequestHandler,
				authHandler,
				handlers.EmptyError{},
			),
			handlers.NewGrantCheck(
				grantChecker,
				grantHandler,
				handlers.EmptyError{},
			),
			authFinalizer,
		},
		osinserver.AccessHandlers{
			handlers.NewDenyAccessAuthenticator(),
		},
		osinserver.NewDefaultErrorHandler(),
	)
	server.Install(mux, OpenShiftOAuthAPIPrefix)

	CreateOrUpdateDefaultOAuthClients(c.Options.MasterPublicURL, c.AssetPublicAddresses, clientRegistry)
	osOAuthClientConfig := c.NewOpenShiftOAuthClientConfig(&OSBrowserClientBase)
	osOAuthClientConfig.RedirectUrl = c.Options.MasterPublicURL + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)

	osOAuthClient, _ := osincli.NewClient(osOAuthClientConfig)
	if c.MasterRoots != nil {
		// Copy the default transport
		var transport http.Transport = *http.DefaultTransport.(*http.Transport)
		// Set TLS CA roots
		transport.TLSClientConfig = &tls.Config{RootCAs: c.MasterRoots}
		osOAuthClient.Transport = &transport
	}

	tokenRequestEndpoints := tokenrequest.NewEndpoints(c.Options.MasterPublicURL, osOAuthClient)
	tokenRequestEndpoints.Install(mux, OpenShiftOAuthAPIPrefix)

	// glog.Infof("oauth server configured as: %#v", server)
	// glog.Infof("auth handler: %#v", authHandler)
	// glog.Infof("auth request handler: %#v", authRequestHandler)
	// glog.Infof("grant checker: %#v", grantChecker)
	// glog.Infof("grant handler: %#v", grantHandler)

	return []string{
		fmt.Sprintf("Started OAuth2 API at %%s%s", OpenShiftOAuthAPIPrefix),
		fmt.Sprintf("Started Login endpoint at %%s%s", OpenShiftLoginPrefix),
	}
}
Example #19
0
func (c *Cmd) Client() (*consulapi.Client, error) {
	config := consulapi.DefaultConfig()
	csl := c.consul
	csl.tlsConfig = new(tls.Config)

	if csl.address != "" {
		config.Address = c.consul.address
	}

	if csl.token != "" && csl.tokenFile != "" {
		return nil, errors.New("--token and --token-file can not both be provided")
	}

	if csl.tokenFile != "" {
		b, err := ioutil.ReadFile(csl.tokenFile)
		if err != nil {
			return nil, fmt.Errorf("Error reading token file: %s", err)
		}

		config.Token = strings.TrimSpace(string(b))
	}

	if csl.token != "" {
		config.Token = csl.token
	}

	if csl.sslEnabled {
		config.Scheme = "https"

		if csl.sslCert != "" {
			if csl.sslKey == "" {
				return nil, errors.New("--ssl-key must be provided in order to use certificates for authentication")
			}
			clientCert, err := tls.LoadX509KeyPair(csl.sslCert, csl.sslKey)
			if err != nil {
				return nil, err
			}

			csl.tlsConfig.Certificates = []tls.Certificate{clientCert}
			csl.tlsConfig.BuildNameToCertificate()
		}

		if csl.sslVerify {
			if csl.sslCaCert == "" {
				return nil, errors.New("--ssl-ca-cert must be provided in order to use certificates for verification")
			}

			caCert, err := ioutil.ReadFile(csl.sslCaCert)
			if err != nil {
				return nil, err
			}

			caCertPool := x509.NewCertPool()
			caCertPool.AppendCertsFromPEM(caCert)
			csl.tlsConfig.RootCAs = caCertPool
		}
	}

	transport := new(http.Transport)
	transport.TLSClientConfig = csl.tlsConfig

	if !csl.sslVerify {
		transport.TLSClientConfig.InsecureSkipVerify = true
	}
	config.HttpClient.Transport = transport

	if csl.auth.Enabled {
		config.HttpAuth = &consulapi.HttpBasicAuth{
			Username: csl.auth.Username,
			Password: csl.auth.Password,
		}
	}

	client, err := consulapi.NewClient(config)
	if err != nil {
		return nil, err
	}

	return client, nil
}