tls.go 1.4 KB

  1. // Copyright 2016 The etcd Authors
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package transport
  15. import (
  16. "fmt"
  17. "strings"
  18. "time"
  19. )
  // ValidateSecureEndpoints filters eps down to the endpoints that pass the two
  // checks performed here and reports every rejected endpoint in the returned error.
  //
  // An endpoint is kept only if it starts with the exact, case-sensitive prefix
  // "https://" and the remainder of the string can be dialed over "tcp" through a
  // transport built from tlsInfo. The remainder is handed to Dial unmodified, so
  // anything after the host:port (a path, a trailing slash) is part of the dial
  // address.
  //
  // NOTE(review): what Dial proves depends on the transport NewTransport returns,
  // which is not visible in this file. If Dial is a plain TCP dial, a returned
  // endpoint has only been shown to be reachable; no TLS handshake or certificate
  // verification against tlsInfo has happened. Confirm before treating the result
  // as proof of a secure peer.
  //
  // The two results are not mutually exclusive: when some endpoints fail, the
  // accepted ones are still returned together with a non-nil error that joins the
  // per-endpoint messages with ",". Callers must check both values. The only case
  // in which the slice is nil because of a hard failure is an error from
  // NewTransport.
  func ValidateSecureEndpoints(tlsInfo TLSInfo, eps []string) ([]string, error) {
  	const httpsScheme = "https://"

  	// 5*time.Second is presumably the dial timeout; verify against NewTransport.
  	tr, err := NewTransport(tlsInfo, 5*time.Second)
  	if err != nil {
  		return nil, err
  	}

  	var (
  		accepted []string
  		failures []string
  	)
  	for _, ep := range eps {
  		// Anything that is not literally https:// is rejected without being dialed.
  		if !strings.HasPrefix(ep, httpsScheme) {
  			failures = append(failures, fmt.Sprintf("%q is insecure", ep))
  			continue
  		}

  		conn, dialErr := tr.Dial("tcp", strings.TrimPrefix(ep, httpsScheme))
  		if dialErr != nil {
  			failures = append(failures, fmt.Sprintf("%q failed to dial (%v)", ep, dialErr))
  			continue
  		}
  		// The connection is only a probe; its Close error is deliberately not inspected.
  		conn.Close()
  		accepted = append(accepted, ep)
  	}

  	if len(failures) == 0 {
  		return accepted, nil
  	}
  	return accepted, fmt.Errorf("%s", strings.Join(failures, ","))
  }