// NewClient builds a photon client for the endpoint stored in config.CloudTarget.
//
// It returns an error when no target is configured, or when the target is
// https with certificate checking enabled and the local certificate store
// cannot be read. config.Token is handed to the client as the access token,
// and config.IgnoreCertificate is passed through unchanged in the client
// options.
//
// NOTE(review): IgnoreCertificate presumably disables server certificate
// verification inside the photon client; confirm, and treat it as a
// lab-only setting since the access token is sent over that connection.
// NOTE(review): nothing here rejects a non-https target; confirm the photon
// client does not send the access token over plain http.
func NewClient(config *cf.Configuration) (*photon.Client, error) {
	if config.CloudTarget == "" {
		return nil, errors.New("Specify a Photon Controller endpoint by running 'target set' command")
	}

	tokenOpts := &photon.TokenOptions{AccessToken: config.Token}
	opts := &photon.ClientOptions{
		IgnoreCertificate: config.IgnoreCertificate,
		TokenOptions:      tokenOpts,
	}

	// Root CAs from the local store are only needed for an https target
	// whose certificate is going to be verified.
	// NOTE(review): a parse failure on CloudTarget is skipped silently, so
	// the client is built without RootCAs in that case; confirm this is
	// intended.
	target, parseErr := url.Parse(config.CloudTarget)
	verifyServer := parseErr == nil && target.Scheme == "https" && !config.IgnoreCertificate
	if verifyServer {
		roots, err := cf.GetCertsFromLocalStore()
		if err != nil {
			return nil, err
		}
		opts.RootCAs = roots
	}

	return photon.NewClient(config.CloudTarget, opts, logger), nil
}
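// isServerTrusted reports whether a TLS handshake with server (a
// "host:port" address) succeeds when only the certificates from the local
// store are used as trust roots.
//
// It returns (true, nil) when the handshake succeeds and (false, nil) when
// the server's chain is signed by an authority that is not in the local
// store. Every other failure (store unreadable, dial error, hostname
// mismatch, expired certificate, ...) is returned as (false, err) so the
// caller can tell "untrusted" apart from "could not check".
func isServerTrusted(server string) (bool, error) {
	roots, err := cf.GetCertsFromLocalStore()
	if err != nil {
		return false, err
	}

	// Verification stays on: the point of this probe is to learn whether the
	// local roots are enough to validate the server.
	// NOTE(review): tls.Dial is called without a timeout, so an unresponsive
	// server blocks this call for the OS connect timeout; consider a dialer
	// with a deadline.
	config := tls.Config{RootCAs: roots, InsecureSkipVerify: false}
	conn, err := tls.Dial("tcp", server, &config)
	if err == nil {
		// The connection was only a probe; a close error carries no
		// information about trust.
		_ = conn.Close()
		return true, nil
	}

	// crypto/tls from Go 1.20 on wraps verification failures in
	// *tls.CertificateVerificationError, so a plain type switch on err no
	// longer sees x509.UnknownAuthorityError. errors.As matches both the
	// bare and the wrapped form.
	var unknownAuthority x509.UnknownAuthorityError
	if errors.As(err, &unknownAuthority) {
		return false, nil
	}
	return false, err
}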