From d62d8c04d006a7d50a105a4cc2a2f2a7e5f0358e Mon Sep 17 00:00:00 2001
From: Vincent Batts
Date: Thu, 15 Apr 2021 21:58:37 -0400
Subject: [PATCH] sl-feeds: adding --insecure and --ca flags pulling straight from https://forfuncsake.github.io/post/2017/08/trust-extra-ca-cert-in-go-app/ Thanks @forfuncsake Fixes #18
Signed-off-by: Vincent Batts
---
 cmd/sl-feeds/main.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/cmd/sl-feeds/main.go b/cmd/sl-feeds/main.go
index 024a967..101b549 100644
--- a/cmd/sl-feeds/main.go
+++ b/cmd/sl-feeds/main.go
@@ -1,9 +1,12 @@
 package main
 import (
+ "crypto/tls"
+ "crypto/x509"
 "fmt"
 "io/ioutil"
 "log"
+ "net/http"
 "os"
 "path/filepath"
 "time"
@@ -33,6 +36,14 @@ func main() {
 Name: "quiet, q",
 Usage: "Less output",
 },
+ cli.BoolFlag{
+ Name: "insecure",
+ Usage: "do not validate server certificate",
+ },
+ cli.StringFlag{
+ Name: "ca",
+ Usage: "additional CA cert to use",
+ },
 cli.BoolFlag{
 Name: "sample-config",
 Usage: "Output sample config file to stdout",
@@ -41,6 +52,29 @@ func main() {
 // This is the main/default application
 app.Action = func(c *cli.Context) error {
+ rootCAs, _ := x509.SystemCertPool()
+ if c.String("ca") != "" {
+ if rootCAs == nil {
+ rootCAs = x509.NewCertPool()
+ }
+ // Read in the cert file
+ certs, err := ioutil.ReadFile(c.String("ca"))
+ if err != nil {
+ log.Fatalf("Failed to append %q to RootCAs: %v", c.String("ca"), err)
+ }
+
+ // Append our cert to the system pool
+ if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
+ log.Println("No certs appended, using system certs only")
+ }
+ }
+ if c.Bool("insecure") {
+ config := &tls.Config{
+ InsecureSkipVerify: true,
+ RootCAs: rootCAs,
+ }
+ http.DefaultTransport = &http.Transport{TLSClientConfig: config}
+ }
 if c.Bool("sample-config") {
 c := Config{
 Dest: "$HOME/public_html/feeds/",
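Review bot: The `ca` usage string does not say that the value is a path to a PEM-encoded file, which is what the handler in the next hunk reads with `ioutil.ReadFile` and `AppendCertsFromPEM`; `Usage: "path to a PEM file with additional CA certificates to trust",` would state it. The `insecure` text could also say how far the setting reaches, since the handler swaps `http.DefaultTransport` and so affects every request that goes through it: `Usage: "do not validate server certificates (all requests via the default transport)",`. The flag list starts and ends outside the hunk.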
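Review bot: `--ca` has no effect unless `--insecure` is also passed, because the `tls.Config` carrying `RootCAs` is only built inside `if c.Bool("insecure")`, and once that flag is set `InsecureSkipVerify: true` makes the pool irrelevant. The transport should be installed whenever either flag is given, with `InsecureSkipVerify` taken from the flag value rather than hard-coded. Two smaller points in the same block: a `--ca` file that yields no certificates is only logged, so the run continues without the trust anchor the user asked for, and replacing `http.DefaultTransport` with a bare `&http.Transport{}` drops the default proxy and timeout settings, which `Clone()` (Go 1.13+, assuming the project's toolchain allows it) would keep. The closure body continues outside the hunk.

```go
if c.String("ca") != "" {
	// … unchanged: nil-pool fallback and ioutil.ReadFile of the --ca path …
	if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
		log.Fatalf("no PEM certificates found in %q", c.String("ca"))
	}
}
if c.Bool("insecure") || c.String("ca") != "" {
	// Clone keeps the default proxy and timeout settings.
	tr := http.DefaultTransport.(*http.Transport).Clone()
	tr.TLSClientConfig = &tls.Config{
		InsecureSkipVerify: c.Bool("insecure"),
		RootCAs:            rootCAs,
	}
	http.DefaultTransport = tr
}
```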