Use custom http client for cacrt or skipTLS check

Signed-off-by: Tamal Saha <tamal@appscode.com>
appscode-cloud · Sep 13, 2024 · 669afe6 · 669afe6
1 parent d63a2d1
commit 669afe6
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/client/client.go b/client/client.go
@@ -53,19 +53,18 @@ func NewClient(baseURL, token, clusterUID string, caCert []byte, insecureSkipVer
 		url:        u,
 		token:      token,
 		clusterUID: clusterUID,
+		client:     http.DefaultClient,
 	}
-	if len(caCert) == 0 {
-		c.client = http.DefaultClient
-	} else {
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(caCert)
-
+	if len(caCert) > 0 || insecureSkipVerifyTLS {
 		tlsConfig := &tls.Config{
 			InsecureSkipVerify: insecureSkipVerifyTLS,
-			RootCAs:            caCertPool,
 		}
-		transport := &http.Transport{TLSClientConfig: tlsConfig}
-		c.client = &http.Client{Transport: transport}
+		if len(c.caCert) > 0 {
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM(caCert)
+			tlsConfig.RootCAs = caCertPool
+		}
+		c.client = &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
 	}
 	return c, nil
 }