Only load X509 key pair if the scheme is set to https; otherwise, omi…

…t TLSClientConfig
cs3org · Sep 30, 2024 · 39d993e · 39d993e
1 parent 122da0b
commit 39d993e
Showing 1 changed file with 18 additions and 9 deletions.
diff --git a/pkg/eosclient/eosgrpc/eoshttp.go b/pkg/eosclient/eosgrpc/eoshttp.go
@@ -22,6 +22,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -147,26 +148,34 @@ func NewEOSHTTPClient(opt *HTTPOptions) (*EOSHTTPClient, error) {
 	}
 
 	opt.init()
-	cert, err := tls.LoadX509KeyPair(opt.ClientCertFile, opt.ClientKeyFile)
+	baseUrl, err := url.Parse(opt.BaseURL)
 	if err != nil {
-		return nil, err
+		return nil, errors.New("Failed to parse BaseURL")
 	}
 
-	// TODO: the error reporting of http.transport is insufficient
-	// we may want to check manually at least the existence of the certfiles
-	// The point is that also the error reporting of the context that calls this function
-	// is weak
 	t := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			Certificates: []tls.Certificate{cert},
-		},
 		MaxIdleConns:        opt.MaxIdleConns,
 		MaxConnsPerHost:     opt.MaxConnsPerHost,
 		MaxIdleConnsPerHost: opt.MaxIdleConnsPerHost,
 		IdleConnTimeout:     time.Duration(opt.IdleConnTimeout) * time.Second,
 		DisableCompression:  true,
 	}
 
+	if baseUrl.Scheme == "https" {
+		cert, err := tls.LoadX509KeyPair(opt.ClientCertFile, opt.ClientKeyFile)
+		if err != nil {
+			return nil, err
+		}
+		t.TLSClientConfig = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+		}
+	}
+
+	// TODO: the error reporting of http.transport is insufficient
+	// we may want to check manually at least the existence of the certfiles
+	// The point is that also the error reporting of the context that calls this function
+	// is weak
+
 	cl := &http.Client{
 		Transport: t,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {