code.cloudfoundry.org/cli@v7.1.0+incompatible/util/tls.go (about)

     1  package util
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  
     7  	"code.cloudfoundry.org/tlsconfig"
     8  )
     9  
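// NewTLSConfig returns a *tls.Config for outbound connections, built from the
// tlsconfig package's external-service defaults.
//
// trustedCerts: when non-empty, the certificates are placed in a fresh
// x509.CertPool that becomes config.RootCAs. The pool starts empty, so the
// supplied certificates are the only trust anchors for that config and the
// host's root set is not consulted. When trustedCerts is empty, RootCAs stays
// nil and crypto/tls falls back to the host's root CA set. Nil entries are
// skipped.
//
// skipTLSValidation: copied verbatim into config.InsecureSkipVerify. When
// true, crypto/tls accepts any certificate chain and any host name from the
// server, so the connection is encrypted but the peer is not authenticated.
// NOTE(review): callers should only set this from an explicit operator
// opt-in; confirm at the call sites.
func NewTLSConfig(trustedCerts []*x509.Certificate, skipTLSValidation bool) *tls.Config {
	config := &tls.Config{}

	// The returned error is discarded on the strength of the original
	// author's note that this option always returns nil. If that ever
	// changes, the defaults could be left partially applied without notice.
	_ = tlsconfig.WithExternalServiceDefaults()(config) //nolint - always returns nil

	if len(trustedCerts) > 0 {
		certPool := x509.NewCertPool()
		for _, tlsCert := range trustedCerts {
			if tlsCert == nil {
				// CertPool.AddCert panics on a nil certificate. Skipping the
				// entry only narrows the trust set, so it fails closed.
				continue
			}
			certPool.AddCert(tlsCert)
		}
		// Assigned even if every entry was nil: an empty pool trusts
		// nothing, whereas leaving RootCAs nil would silently widen trust
		// to the host's roots.
		config.RootCAs = certPool
	}

	config.InsecureSkipVerify = skipTLSValidation

	return config
}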