
Follow-up from "Support mutual TLS when calling the GitLab API"

The following discussion from !978 (merged) should be addressed:

Implementation guide

  • @jaime started a discussion: (+3 comments)

    All these fields are being re-used so we risk having some value change in one transport but not others. Can we simply reuse the NewTransport function and just modify the TLSClientConfig with the config? For example:

    diff --git a/internal/httptransport/transport.go b/internal/httptransport/transport.go
    index da38e0a9..f90cfd06 100644
    --- a/internal/httptransport/transport.go
    +++ b/internal/httptransport/transport.go
    @@ -44,8 +44,7 @@ func NewTransport() *http.Transport {
     		DialTLS: func(network, addr string) (net.Conn, error) {
     			return tls.Dial(network, addr, &tls.Config{RootCAs: pool(), MinVersion: tls.VersionTLS12})
     		},
    -		TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12}, // set MinVersion to fix gosec: G402
    -		Proxy:           http.ProxyFromEnvironment,
    +		Proxy: http.ProxyFromEnvironment,
     		// overrides the DefaultMaxIdleConnsPerHost = 2
     		MaxIdleConns:        100,
     		MaxIdleConnsPerHost: 100,
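
    Review bot: removing `TLSClientConfig` from `NewTransport` is behaviour-neutral only because `DialTLS` is set, and `http.Transport` ignores `TLSClientConfig` (and `TLSHandshakeTimeout`) for non-proxied HTTPS requests whenever `DialTLS` is non-nil; but it also makes the `DialTLS` closure the only place `RootCAs` and `MinVersion` are configured, so anything a caller later assigns to `t.TLSClientConfig` only affects connections that go through a proxy (`Proxy: http.ProxyFromEnvironment`). Suggest building one `*tls.Config` value and passing it to both `DialTLS` and `TLSClientConfig` so direct and proxied connections enforce the same `MinVersion` and trust roots; the removed line also carried the `gosec: G402` rationale comment, which should be kept wherever `MinVersion` ends up being set.
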
    @@ -86,21 +85,10 @@ func NewTransportWithClientCert(clientCfg config.HTTPClientCfg) *http.Transport
     		tlsConfig.Certificates = clientCfg.Certs
     	}
    
    -	return &http.Transport{
    -		DialTLS: func(network, addr string) (net.Conn, error) {
    -			return tls.Dial(network, addr, tlsConfig)
    -		},
    -		TLSClientConfig: tlsConfig,
    -		Proxy:           http.ProxyFromEnvironment,
    -		// overrides the DefaultMaxIdleConnsPerHost = 2
    -		MaxIdleConns:        100,
    -		MaxIdleConnsPerHost: 100,
    -		IdleConnTimeout:     90 * time.Second,
    -		// Set more timeouts https://gitlab.com/gitlab-org/gitlab-pages/-/issues/495
    -		TLSHandshakeTimeout:   10 * time.Second,
    -		ResponseHeaderTimeout: 15 * time.Second,
    -		ExpectContinueTimeout: 15 * time.Second,
    -	}
    +	t := NewTransport()
    +	t.TLSClientConfig = tlsConfig
    +
    +	return t
     }
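
    Review bot: `t.TLSClientConfig = tlsConfig` does not actually apply the client certificates: `NewTransport()` still installs a `DialTLS` callback that dials with its own `&tls.Config{RootCAs: pool(), MinVersion: tls.VersionTLS12}`, and when `DialTLS` is set `http.Transport` ignores `TLSClientConfig` for non-proxied HTTPS, so the `tlsConfig` built above (`tlsConfig.Certificates = clientCfg.Certs`) is never presented to the API server unless the request goes through a proxy. To get the de-duplication this discussion asks for without silently losing mTLS, suggest either also overriding the dialer, e.g. `t.DialTLS = func(network, addr string) (net.Conn, error) { return tls.Dial(network, addr, tlsConfig) }`, or changing `NewTransport` to accept the `*tls.Config` as a parameter and having `NewTransportWithClientCert` call it with `tlsConfig`, so both constructors share a single code path and a test can assert that the client certificate is sent.
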
Edited by Naman Jagdish Gala