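//go:build go1.7 || go1.8
// +build go1.7 go1.8

/*
 * MinIO Go Library for Amazon S3 Compatible Cloud Storage
 * Copyright 2017-2018 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package minio

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"os"
	"time"
)

// mustGetSystemCertPool returns the system CA pool, or an empty pool when
// x509.SystemCertPool reports an error. Despite the "must" prefix it never
// panics.
func mustGetSystemCertPool() *x509.CertPool {
	pool, err := x509.SystemCertPool()
	if err != nil {
		// An empty pool verifies nothing until CAs are appended to it
		// (see loadRootCAs).
		return x509.NewCertPool()
	}
	return pool
}

// DefaultTransport builds the http.Transport used by the client. It mirrors
// http.DefaultTransport with explicit connection limits and timeouts, and
// with DisableCompression set so the round-tripper does not transparently
// decode gzip-encoded object bodies.
//
// When secure is true the transport gets a TLS config requiring at least
// TLS 1.2. If the SSL_CERT_FILE environment variable names a PEM file, the
// certificates in it are appended to the system CA pool and used as the
// trust roots. A file that cannot be read, or that contains no parseable
// certificate, is reported as an error rather than silently ignored, so a
// misconfigured trust store fails here instead of at the first handshake.
// Proxy settings are taken from the environment via http.ProxyFromEnvironment.
var DefaultTransport = func(secure bool) (*http.Transport, error) {
	tr := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).DialContext,
		MaxIdleConns:          256,
		MaxIdleConnsPerHost:   16,
		ResponseHeaderTimeout: time.Minute,
		IdleConnTimeout:       time.Minute,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 10 * time.Second,
		// Set this value so that the underlying transport round-tripper
		// doesn't try to auto decode the body of objects with
		// content-encoding set to `gzip`.
		//
		// Refer:
		// https://golang.org/src/net/http/transport.go?h=roundTrip#L1843
		DisableCompression: true,
	}

	if !secure {
		return tr, nil
	}

	tr.TLSClientConfig = &tls.Config{
		// Can't use SSLv3 because of POODLE and BEAST
		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
		// Can't use TLSv1.1 because of RC4 cipher usage
		MinVersion: tls.VersionTLS12,
	}

	if f := os.Getenv("SSL_CERT_FILE"); f != "" {
		rootCAs, err := loadRootCAs(f)
		if err != nil {
			return nil, err
		}
		tr.TLSClientConfig.RootCAs = rootCAs
	}
	return tr, nil
}

// loadRootCAs returns the system CA pool extended with the PEM certificates
// in file. It fails when the file cannot be read or yields no certificate,
// so callers never end up with a trust store that silently lacks the CAs
// the operator configured.
func loadRootCAs(file string) (*x509.CertPool, error) {
	data, err := os.ReadFile(file)
	if err != nil {
		return nil, fmt.Errorf("reading SSL_CERT_FILE %q: %w", file, err)
	}
	rootCAs := mustGetSystemCertPool()
	// AppendCertsFromPEM reports false when not a single certificate parsed.
	if !rootCAs.AppendCertsFromPEM(data) {
		return nil, fmt.Errorf("no PEM certificates found in SSL_CERT_FILE %q", file)
	}
	return rootCAs, nil
}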