// tlsServerAndClient starts a TLS storage server via startServerTLS and
// returns an HTTP client for it, along with the server URL and data
// directory. The listener is registered for closing at suite cleanup.
//
// The client's trust pool contains only coretesting.CACert, and the
// tls.Config literal sets nothing but RootCAs, so nothing in this function
// disables certificate verification.
// NOTE(review): the final transport settings come from
// utils.NewHttpTLSTransport, which is not visible here — confirm it leaves
// verification enabled.
func (b *backendSuite) tlsServerAndClient(c *gc.C) (client *http.Client, url, dataDir string) {
	srv, serverURL, dir := startServerTLS(c)
	// Best-effort close: the error from Close is intentionally not checked.
	b.AddCleanup(func(*gc.C) { srv.Close() })

	// Build a pool holding only the test CA; fail the test if the PEM
	// does not parse rather than continuing with an empty pool.
	pool := x509.NewCertPool()
	added := pool.AppendCertsFromPEM([]byte(coretesting.CACert))
	c.Assert(added, jc.IsTrue)

	tlsConf := &tls.Config{RootCAs: pool}
	return &http.Client{Transport: utils.NewHttpTLSTransport(tlsConf)}, serverURL, dir
}
// ClientTLS returns a storage object that will talk to the
// storage server at the given network address (see Serve),
// using TLS. The client is given an authentication key,
// which the server will verify for Put and Remove* operations.
//
// caCertPEM is the only source of trusted roots for the connection. If no
// certificate can be parsed from it, an error is returned instead of a
// client with an empty trust pool.
//
// Only addr is written to the debug log; authkey is stored on the returned
// object and is not logged here. An empty authkey is not rejected.
// NOTE(review): the tls.Config sets only RootCAs. No minimum protocol
// version is pinned in this function, so the effective floor depends on the
// Go default and on utils.NewHttpTLSTransport — confirm.
func ClientTLS(addr string, caCertPEM string, authkey string) (storage.Storage, error) {
	logger.Debugf("using https storage at %q", addr)

	pool := x509.NewCertPool()
	if ok := pool.AppendCertsFromPEM([]byte(caCertPEM)); !ok {
		return nil, errors.New("error adding CA certificate to pool")
	}

	tlsConf := &tls.Config{RootCAs: pool}
	httpClient := &http.Client{Transport: utils.NewHttpTLSTransport(tlsConf)}
	store := &localStorage{
		addr:    addr,
		authkey: authkey,
		client:  httpClient,
	}
	return store, nil
}