From c9e93776354e86b01159a3c5b5b6ff3af761bab3 Mon Sep 17 00:00:00 2001
From: Sanskar Jaiswal
Date: Wed, 23 Nov 2022 15:27:11 +0530
Subject: [PATCH] add support for env proxying when using https with custom CAs

Signed-off-by: Sanskar Jaiswal
---
 plumbing/transport/client/client.go | 35 ++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/plumbing/transport/client/client.go b/plumbing/transport/client/client.go
index e6f6d4b27..a74e71059 100644
--- a/plumbing/transport/client/client.go
+++ b/plumbing/transport/client/client.go
@@ -6,7 +6,9 @@ import (
 "crypto/tls"
 "crypto/x509"
 "fmt"
+ "net"
 gohttp "net/http"
+ "time"
 
 "github.com/fluxcd/go-git/v5/plumbing/transport"
 "github.com/fluxcd/go-git/v5/plumbing/transport/file"
@@ -24,12 +26,25 @@ var Protocols = map[string]transport.Transport{
 "file": file.DefaultClient,
 }
 
+var dialer = net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+}
+
+func defaultTransport() *gohttp.Transport {
+ t := gohttp.DefaultTransport.(*gohttp.Transport).Clone()
+ if t.TLSClientConfig != nil {
+ t.TLSClientConfig = &tls.Config{}
+ }
+ return t
+}
+
 var insecureClient = http.NewClient(&gohttp.Client{
- Transport: &gohttp.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: true,
- },
- },
+ Transport: func() *gohttp.Transport {
+ t := defaultTransport()
+ t.TLSClientConfig.InsecureSkipVerify = true
+ return t
+ }(),
 })
 
 // InstallProtocol adds or modifies an existing protocol.
@@ -62,11 +77,11 @@ func getTransport(endpoint *transport.Endpoint) (transport.Transport, error) {
 }
 rootCAs.AppendCertsFromPEM(endpoint.CaBundle)
 return http.NewClient(&gohttp.Client{
- Transport: &gohttp.Transport{
- TLSClientConfig: &tls.Config{
- RootCAs: rootCAs,
- },
- },
+ Transport: func() *gohttp.Transport {
+ t := defaultTransport()
+ t.TLSClientConfig.RootCAs = rootCAs
+ return t
+ }(),
 }), nil
 }
 }
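Review bot: The nil guard in `defaultTransport` is inverted. `if t.TLSClientConfig != nil` leaves a nil config nil, and a clone of the stock `DefaultTransport` has none, so `t.TLSClientConfig.InsecureSkipVerify = true` in the `insecureClient` initializer later in this hunk dereferences nil at package init; the same happens at `t.TLSClientConfig.RootCAs = rootCAs` in the `getTransport` hunk. When the host application has set a TLS config on the default transport, the guard instead replaces it with an empty one. The unchecked assertion `gohttp.DefaultTransport.(*gohttp.Transport)` also panics if the application has swapped in another RoundTripper. `dialer` is not referenced in any visible hunk; the fallback below is one place it may have been meant for.

```go
func defaultTransport() *gohttp.Transport {
	base, ok := gohttp.DefaultTransport.(*gohttp.Transport)
	if !ok {
		// DefaultTransport was replaced by the application; build an
		// equivalent that still honours the proxy environment variables.
		base = &gohttp.Transport{
			Proxy:       gohttp.ProxyFromEnvironment,
			DialContext: dialer.DialContext,
		}
	}
	t := base.Clone()
	if t.TLSClientConfig == nil {
		t.TLSClientConfig = &tls.Config{}
	}
	return t
}
```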
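Review bot: The closure that sets `t.TLSClientConfig.RootCAs = rootCAs` has no comment saying that this client now inherits proxy settings from the environment through the cloned default transport, which is the whole point of the change and not obvious at the call site. A comment such as `// Clone the default transport so HTTP(S)_PROXY/NO_PROXY apply; only RootCAs is overridden.` would help. As far as I know net/http uses the same `TLSClientConfig` when the proxy itself is reached over https, so the custom pool would also have to validate the proxy's certificate, and `insecureClient` would skip verification towards the proxy as well; that deserves a sentence in the doc comment. The body of `getTransport` starts and ends outside this hunk.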