Dont modify provided transport

Signed-off-by: Matthias Fehr <matthias@monostream.com>
pull/10568/head
Matthias Fehr 3 years ago
parent 7d22040e66
commit cab1fc87d4

@ -109,21 +109,20 @@ func NewHTTPGetter(options ...Option) (Getter, error) {
} }
func (g *HTTPGetter) httpClient() (*http.Client, error) { func (g *HTTPGetter) httpClient() (*http.Client, error) {
var transport *http.Transport
if g.opts.transport != nil { if g.opts.transport != nil {
transport = g.opts.transport return &http.Client{
} else { Transport: g.opts.transport,
g.once.Do(func() { Timeout: g.opts.timeout,
g.transport = &http.Transport{ }, nil
DisableCompression: true,
Proxy: http.ProxyFromEnvironment,
}
})
transport = g.transport
} }
g.once.Do(func() {
g.transport = &http.Transport{
DisableCompression: true,
Proxy: http.ProxyFromEnvironment,
}
})
if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" { if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" {
tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile) tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile)
if err != nil { if err != nil {
@ -137,21 +136,21 @@ func (g *HTTPGetter) httpClient() (*http.Client, error) {
} }
tlsConf.ServerName = sni tlsConf.ServerName = sni
transport.TLSClientConfig = tlsConf g.transport.TLSClientConfig = tlsConf
} }
if g.opts.insecureSkipVerifyTLS { if g.opts.insecureSkipVerifyTLS {
if transport.TLSClientConfig == nil { if g.transport.TLSClientConfig == nil {
transport.TLSClientConfig = &tls.Config{ g.transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
} }
} else { } else {
transport.TLSClientConfig.InsecureSkipVerify = true g.transport.TLSClientConfig.InsecureSkipVerify = true
} }
} }
client := &http.Client{ client := &http.Client{
Transport: transport, Transport: g.transport,
Timeout: g.opts.timeout, Timeout: g.opts.timeout,
} }
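Review bot: The new early return at the top of httpClient() uses the caller-supplied transport as-is, so certFile, keyFile, caFile and insecureSkipVerifyTLS are silently ignored whenever g.opts.transport is set. For caFile this means server verification falls back to whatever the supplied transport already trusts, which may be broader than the CA the caller asked for, and nothing tells them so. Either document the precedence above the branch, e.g. `// A transport passed in via options is used unchanged; the TLS options (cert/key/CA files, insecureSkipVerifyTLS) are not applied to it.`, or return an error when a transport and TLS options are both set. The middle of the function lies between the two hunks and is not visible here.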

@ -518,4 +518,15 @@ func TestHTTPTransportOption(t *testing.T) {
if transport1 != transport2 { if transport1 != transport2 {
t.Fatalf("Expected applied transport to be reused") t.Fatalf("Expected applied transport to be reused")
} }
g = HTTPGetter{}
g.opts.url = "https://localhost"
g.opts.certFile = "testdata/client.crt"
g.opts.keyFile = "testdata/client.key"
g.opts.insecureSkipVerifyTLS = true
g.opts.transport = transport
usedTransport := verifyInsecureSkipVerify(t, &g, "HTTPGetter with 2 way ssl", false)
if usedTransport.TLSClientConfig != nil {
t.Fatal("transport.TLSClientConfig should not be set")
}
} }
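Review bot: The added case sets `g.opts.insecureSkipVerifyTLS = true` but passes `false` as the expected value, which reads like a mistake unless the reader already knows that a provided transport takes precedence. A comment above `g = HTTPGetter{}` would make the intent explicit, for example `// a caller-supplied transport must be left untouched, so the TLS options set below are expected to have no effect`. The label "HTTPGetter with 2 way ssl" does not describe this scenario and looks carried over from an earlier case, though the start of the test is outside the hunk. If verifyInsecureSkipVerify returns the client's transport, as its use here suggests, adding `if usedTransport != transport { t.Fatal("expected the provided transport to be used") }` would also pin that the caller's transport is the one in use.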
