Diffstat (limited to 'vendor/github.com/minio/minio-go/v7/transport.go')
| -rw-r--r-- | vendor/github.com/minio/minio-go/v7/transport.go | 83 |
1 files changed, 83 insertions, 0 deletions
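diff --git a/vendor/github.com/minio/minio-go/v7/transport.go b/vendor/github.com/minio/minio-go/v7/transport.go
new file mode 100644
index 0000000..1bff664
--- /dev/null
+++ b/vendor/github.com/minio/minio-go/v7/transport.go
@@ -0,0 +1,83 @@
+//go:build go1.7 || go1.8
+// +build go1.7 go1.8
+
+/*
+* MinIO Go Library for Amazon S3 Compatible Cloud Storage
+* Copyright 2017-2018 MinIO, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package minio
+
+import (
+"crypto/tls"
+"crypto/x509"
+"net"
+"net/http"
+"os"
+"time"
+)
+
+// mustGetSystemCertPool - return system CAs or empty pool in case of error (or windows)
+func mustGetSystemCertPool() *x509.CertPool {
+pool, err := x509.SystemCertPool()
+if err != nil {
+return x509.NewCertPool()
+}
+return pool
+}
+
+// DefaultTransport - this default transport is similar to
+// http.DefaultTransport but with additional param DisableCompression
+// is set to true to avoid decompressing content with 'gzip' encoding.
+var DefaultTransport = func(secure bool) (*http.Transport, error) {
+tr := &http.Transport{
+Proxy: http.ProxyFromEnvironment,
+DialContext: (&net.Dialer{
+Timeout: 30 * time.Second,
+KeepAlive: 30 * time.Second,
+}).DialContext,
+MaxIdleConns: 256,
+MaxIdleConnsPerHost: 16,
+ResponseHeaderTimeout: time.Minute,
+IdleConnTimeout: time.Minute,
+TLSHandshakeTimeout: 10 * time.Second,
+ExpectContinueTimeout: 10 * time.Second,
+// Set this value so that the underlying transport round-tripper
+// doesn't try to auto decode the body of objects with
+// content-encoding set to `gzip`.
+//
+// Refer:
+// https://golang.org/src/net/http/transport.go?h=roundTrip#L1843
+DisableCompression: true,
+}
+
+if secure {
+tr.TLSClientConfig = &tls.Config{
+// Can't use SSLv3 because of POODLE and BEAST
+// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+// Can't use TLSv1.1 because of RC4 cipher usage
+MinVersion: tls.VersionTLS12,
+}
+if f := os.Getenv("SSL_CERT_FILE"); f != "" {
+rootCAs := mustGetSystemCertPool()
+data, err := os.ReadFile(f)
+if err == nil {
+rootCAs.AppendCertsFromPEM(data)
+}
+tr.TLSClientConfig.RootCAs = rootCAs
+}
+}
+return tr, nil
+}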