pkg/transport: deprecate "CAFile" field

Has been deprecated since v2.1...

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>

pkg/transport/listener.go

@@ -59,7 +59,6 @@ func wrapTLS(addr, scheme string, tlsinfo *TLSInfo, l net.Listener) (net.Listene
 type TLSInfo struct {
 	CertFile           string
 	KeyFile            string
-	CAFile             string // TODO: deprecate this in v4
 	TrustedCAFile      string
 	ClientCertAuth     bool
 	CRLFile            string
@@ -83,7 +82,7 @@ type TLSInfo struct {
 }
 
 func (info TLSInfo) String() string {
-	return fmt.Sprintf("cert = %s, key = %s, ca = %s, trusted-ca = %s, client-cert-auth = %v, crl-file = %s", info.CertFile, info.KeyFile, info.CAFile, info.TrustedCAFile, info.ClientCertAuth, info.CRLFile)
+	return fmt.Sprintf("cert = %s, key = %s, trusted-ca = %s, client-cert-auth = %v, crl-file = %s", info.CertFile, info.KeyFile, info.TrustedCAFile, info.ClientCertAuth, info.CRLFile)
 }
 
 func (info TLSInfo) Empty() bool {
@@ -206,9 +205,6 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 // cafiles returns a list of CA file paths.
 func (info TLSInfo) cafiles() []string {
 	cs := make([]string, 0)
-	if info.CAFile != "" {
-		cs = append(cs, info.CAFile)
-	}
 	if info.TrustedCAFile != "" {
 		cs = append(cs, info.TrustedCAFile)
 	}
@@ -223,13 +219,13 @@ func (info TLSInfo) ServerConfig() (*tls.Config, error) {
 	}
 
 	cfg.ClientAuth = tls.NoClientCert
-	if info.CAFile != "" || info.ClientCertAuth {
+	if info.TrustedCAFile != "" || info.ClientCertAuth {
 		cfg.ClientAuth = tls.RequireAndVerifyClientCert
 	}
 
-	CAFiles := info.cafiles()
-	if len(CAFiles) > 0 {
-		cp, err := tlsutil.NewCertPool(CAFiles)
+	cs := info.cafiles()
+	if len(cs) > 0 {
+		cp, err := tlsutil.NewCertPool(cs)
 		if err != nil {
 			return nil, err
 		}
@@ -257,9 +253,9 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
 	}
 	cfg.InsecureSkipVerify = info.InsecureSkipVerify
 
-	CAFiles := info.cafiles()
-	if len(CAFiles) > 0 {
-		cfg.RootCAs, err = tlsutil.NewCertPool(CAFiles)
+	cs := info.cafiles()
+	if len(cs) > 0 {
+		cfg.RootCAs, err = tlsutil.NewCertPool(cs)
 		if err != nil {
 			return nil, err
 		}

pkg/transport/listener_test.go

@@ -95,12 +95,12 @@ func TestNewTransportTLSInfo(t *testing.T) {
 			KeyFile:  tlsinfo.KeyFile,
 		},
 		{
-			CertFile: tlsinfo.CertFile,
-			KeyFile:  tlsinfo.KeyFile,
-			CAFile:   tlsinfo.CAFile,
+			CertFile:      tlsinfo.CertFile,
+			KeyFile:       tlsinfo.KeyFile,
+			TrustedCAFile: tlsinfo.TrustedCAFile,
 		},
 		{
-			CAFile: tlsinfo.CAFile,
+			TrustedCAFile: tlsinfo.TrustedCAFile,
 		},
 	}
 
@@ -136,13 +136,13 @@ func TestTLSInfoEmpty(t *testing.T) {
 		want bool
 	}{
 		{TLSInfo{}, true},
-		{TLSInfo{CAFile: "baz"}, true},
+		{TLSInfo{TrustedCAFile: "baz"}, true},
 		{TLSInfo{CertFile: "foo"}, false},
 		{TLSInfo{KeyFile: "bar"}, false},
 		{TLSInfo{CertFile: "foo", KeyFile: "bar"}, false},
-		{TLSInfo{CertFile: "foo", CAFile: "baz"}, false},
-		{TLSInfo{KeyFile: "bar", CAFile: "baz"}, false},
-		{TLSInfo{CertFile: "foo", KeyFile: "bar", CAFile: "baz"}, false},
+		{TLSInfo{CertFile: "foo", TrustedCAFile: "baz"}, false},
+		{TLSInfo{KeyFile: "bar", TrustedCAFile: "baz"}, false},
+		{TLSInfo{CertFile: "foo", KeyFile: "bar", TrustedCAFile: "baz"}, false},
 	}
 
 	for i, tt := range tests {
@@ -163,8 +163,8 @@ func TestTLSInfoMissingFields(t *testing.T) {
 	tests := []TLSInfo{
 		{CertFile: tlsinfo.CertFile},
 		{KeyFile: tlsinfo.KeyFile},
-		{CertFile: tlsinfo.CertFile, CAFile: tlsinfo.CAFile},
-		{KeyFile: tlsinfo.KeyFile, CAFile: tlsinfo.CAFile},
+		{CertFile: tlsinfo.CertFile, TrustedCAFile: tlsinfo.TrustedCAFile},
+		{KeyFile: tlsinfo.KeyFile, TrustedCAFile: tlsinfo.TrustedCAFile},
 	}
 
 	for i, info := range tests {
@@ -215,7 +215,7 @@ func TestTLSInfoConfigFuncs(t *testing.T) {
 		},
 
 		{
-			info:       TLSInfo{CertFile: tlsinfo.CertFile, KeyFile: tlsinfo.KeyFile, CAFile: tlsinfo.CertFile},
+			info:       TLSInfo{CertFile: tlsinfo.CertFile, KeyFile: tlsinfo.KeyFile, TrustedCAFile: tlsinfo.CertFile},
 			clientAuth: tls.RequireAndVerifyClientCert,
 			wantCAs:    true,
 		},