admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8c8742baefa6d063b6434d7c1560eb5e0108a01
gluetun/internal/provider/privateinternetaccess/httpclient.go
Quentin McGaw e8c8742bae Maintenance: split each provider in a package 
- Fix VyprVPN port
- Fix missing Auth overrides
2021-05-11 17:10:51 +00:00

58 lines
1.4 KiB
Go
Raw Blame History

package privateinternetaccess
import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"errors"
"fmt"
"net"
"net/http"
"time"
"github.com/qdm12/gluetun/internal/constants"
)
var (
ErrParseCertificate = errors.New("cannot parse X509 certificate")
)
func newHTTPClient(serverName string) (client *http.Client, err error) {
certificateBytes, err := base64.StdEncoding.DecodeString(constants.PIACertificateStrong)
if err != nil {
return nil, fmt.Errorf("%w: %s", ErrParseCertificate, err)
}
certificate, err := x509.ParseCertificate(certificateBytes)
if err != nil {
return nil, fmt.Errorf("%w: %s", ErrParseCertificate, err)
}
//nolint:gomnd
transport := &http.Transport{
// Settings taken from http.DefaultTransport
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
ForceAttemptHTTP2: true,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
rootCAs := x509.NewCertPool()
rootCAs.AddCert(certificate)
transport.TLSClientConfig = &tls.Config{
RootCAs: rootCAs,
MinVersion: tls.VersionTLS12,
ServerName: serverName,
}
const httpTimeout = 30 * time.Second
return &http.Client{
Transport: transport,
Timeout: httpTimeout,
}, nil
}
Reference in New Issue View Git Blame Copy Permalink