diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2791479..cc4af83 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,9 +18,9 @@ jobs:
 - uses: actions/checkout@v3
 - name: Set up Go environment
- uses: actions/setup-go@v3
+ uses: actions/setup-go@v4
 with:
- go-version: 1.19
+ go-version: '1.20'
 - name: Build
 run: go build -v ./...
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index df14b11..698a8c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,9 +11,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Set up Go environment
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v4
 with:
- go-version: 1.19
+ go-version: '1.20'
 - name: Checkout code
 uses: actions/checkout@v2
diff --git a/tls.go b/tls.go
index 59d86a2..3df28b0 100644
--- a/tls.go
+++ b/tls.go
@@ -3,29 +3,33 @@ package main
 import (
 "crypto/tls"
 "crypto/x509"
- "io/ioutil"
+ "fmt"
+ "os"
 )
 // NewTLSConfig creates a new TLS configuration for the given certificate files.
 func NewTLSConfig(clientCertFile, clientKeyFile, caCertFile string) (*tls.Config, error) {
- tlsConfig := tls.Config{}
+ var tlsConfig = &tls.Config{}
 // Load client cert
 cert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
 if err != nil {
- return &tlsConfig, err
+ return nil, fmt.Errorf("failed to load client cert: %w", err)
 }
 tlsConfig.Certificates = []tls.Certificate{cert}
 // Load CA cert
- caCert, err := ioutil.ReadFile(caCertFile)
+ caCert, err := os.ReadFile(caCertFile)
 if err != nil {
- return &tlsConfig, err
+ return nil, fmt.Errorf("failed to read CA cert file: %w", err)
 }
+
 caCertPool := x509.NewCertPool()
- caCertPool.AppendCertsFromPEM(caCert)
+ if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
+ return nil, fmt.Errorf("failed to append CA cert")
+ }
+
 tlsConfig.RootCAs = caCertPool
- tlsConfig.BuildNameToCertificate()
- return &tlsConfig, err
+ return tlsConfig, nil
 }
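Review bot: The `&tls.Config{}` built at the top of NewTLSConfig in tls.go leaves `MinVersion` unset, so the protocol floor depends on the Go toolchain's defaults and on whether the config ends up on a client or a server connection; setting it explicitly, `var tlsConfig = &tls.Config{MinVersion: tls.VersionTLS12}`, pins the floor regardless of both. The new `AppendCertsFromPEM` check deserves a short comment saying that the call reports true as soon as one certificate parses, so a bundle with some malformed PEM blocks still passes. The error on that branch has no format verbs and does not name the file; `return nil, fmt.Errorf("no valid CA certificates found in %q", caCertFile)` would tell the operator which path to inspect. Callers that previously used the returned config without checking `err` now receive nil on failure, which is worth stating in the doc comment.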