func isServerTrusted(server string) (bool, error) {
bServerTrusted := false
roots, err := cf.GetCertsFromLocalStore()
if err != nil {
return bServerTrusted, err
}
//Try connecting securely to the server
config := tls.Config{RootCAs: roots, InsecureSkipVerify: false}
conn, err := tls.Dial("tcp", server, &config)
if err == nil {
bServerTrusted = true
_ = conn.Close()
} else {
switch err.(type) {
case x509.UnknownAuthorityError:
bServerTrusted = false
err = nil
}
}
return bServerTrusted, err
}
func NewClient(config *cf.Configuration) (*photon.Client, error) {
if len(config.CloudTarget) == 0 {
return nil, errors.New("Specify a Photon Controller endpoint by running 'target set' command")
}
options := &photon.ClientOptions{
IgnoreCertificate: config.IgnoreCertificate,
TokenOptions: &photon.TokenOptions{
AccessToken: config.Token,
},
}
//
// If target is https, check if we could ignore client side cert check
// If we can't ignore client side cert check, try setting the root certs
//
u, err := url.Parse(config.CloudTarget)
if err == nil && u.Scheme == "https" {
if !config.IgnoreCertificate == true {
roots, err := cf.GetCertsFromLocalStore()
if err == nil {
options.RootCAs = roots
} else {
return nil, err
}
}
}
esxclient := photon.NewClient(config.CloudTarget, options, logger)
return esxclient, nil
}