diff --git a/pkg/getter/httpgetter.go b/pkg/getter/httpgetter.go
index bd2d663b5..6fe1aa71f 100644
--- a/pkg/getter/httpgetter.go
+++ b/pkg/getter/httpgetter.go
@@ -109,21 +109,20 @@ func NewHTTPGetter(options ...Option) (Getter, error) {
 }
 func (g *HTTPGetter) httpClient() (*http.Client, error) {
- var transport *http.Transport
- if g.opts.transport != nil {
- transport = g.opts.transport
- } else {
- g.once.Do(func() {
- g.transport = &http.Transport{
- DisableCompression: true,
- Proxy: http.ProxyFromEnvironment,
- }
- })
-
- transport = g.transport
+ return &http.Client{
+ Transport: g.opts.transport,
+ Timeout: g.opts.timeout,
+ }, nil
 }
+ g.once.Do(func() {
+ g.transport = &http.Transport{
+ DisableCompression: true,
+ Proxy: http.ProxyFromEnvironment,
+ }
+ })
+
+ if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" {
 tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile)
 if err != nil {
@@ -137,21 +136,21 @@ func (g *HTTPGetter) httpClient() (*http.Client, error) {
 }
 tlsConf.ServerName = sni
- transport.TLSClientConfig = tlsConf
+ g.transport.TLSClientConfig = tlsConf
 }
 if g.opts.insecureSkipVerifyTLS {
- if transport.TLSClientConfig == nil {
- transport.TLSClientConfig = &tls.Config{
+ if g.transport.TLSClientConfig == nil {
+ g.transport.TLSClientConfig = &tls.Config{
 InsecureSkipVerify: true,
 }
 } else {
- transport.TLSClientConfig.InsecureSkipVerify = true
+ g.transport.TLSClientConfig.InsecureSkipVerify = true
 }
 }
 client := &http.Client{
- Transport: transport,
+ Transport: g.transport,
 Timeout: g.opts.timeout,
 }
diff --git a/pkg/getter/httpgetter_test.go b/pkg/getter/httpgetter_test.go
index 54d71aa08..140b2c714 100644
--- a/pkg/getter/httpgetter_test.go
+++ b/pkg/getter/httpgetter_test.go
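Review bot: The added early return hands back `g.opts.transport` before the certFile/keyFile/caFile and insecureSkipVerifyTLS branches run, so TLS options set on the same getter are now dropped with no error or log line. For `caFile` and the client key pair this means a caller who supplies both a transport and a CA bundle gets whatever trust configuration that transport already carries, which may be the system roots rather than the intended CA. Leaving a caller-owned transport unmodified is sound, but the precedence should be written where callers will see it, for example as a doc comment above httpClient: `// httpClient returns a client built on g.opts.transport as-is when one is supplied; certFile, keyFile, caFile and insecureSkipVerifyTLS are then ignored.` The option that sets the transport is defined outside this hunk and would be the other place to document it.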
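Review bot: `g.transport` is created once under `g.once`, but its `TLSClientConfig` is written on each call and nothing on the new side ever clears it, so `InsecureSkipVerify = true` (or an earlier client certificate and CA pool) stays on the cached transport for later calls whose options no longer request it. Whether `g.opts` can change between calls is not visible here, so this needs confirming; if it can, reset the field before the TLS branches with `g.transport.TLSClientConfig = nil`, or build the `*tls.Config` in a local and assign it once. The per-call write to a shared transport is also unsynchronised, which matters if httpClient can run concurrently on one getter. The function body starts in the previous hunk and continues past the end of this one.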
@@ -518,4 +518,15 @@ func TestHTTPTransportOption(t *testing.T) {
 if transport1 != transport2 {
 t.Fatalf("Expected applied transport to be reused")
 }
+
+ g = HTTPGetter{}
+ g.opts.url = "https://localhost"
+ g.opts.certFile = "testdata/client.crt"
+ g.opts.keyFile = "testdata/client.key"
+ g.opts.insecureSkipVerifyTLS = true
+ g.opts.transport = transport
+ usedTransport := verifyInsecureSkipVerify(t, &g, "HTTPGetter with 2 way ssl", false)
+ if usedTransport.TLSClientConfig != nil {
+ t.Fatal("transport.TLSClientConfig should not be set")
+ }
 }
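Review bot: The new case sets `insecureSkipVerifyTLS = true` and then passes `false` to verifyInsecureSkipVerify under the label "HTTPGetter with 2 way ssl", which reads like a mistake unless the reader already knows that a supplied transport takes precedence over the TLS options. A comment above the block would state the intent, for example `// A caller-supplied transport is used untouched; TLS options on the getter are ignored.`, and the label could say the same. Setting `g.opts.caFile` in this case as well would pin that a CA bundle is ignored too. verifyInsecureSkipVerify is defined outside this hunk, so how it treats a nil `TLSClientConfig` when given `false` cannot be checked from here.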