mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

introduce build tags to optionally override some TLS settings

Browse Source
This commit is contained in:
Ryan Richard
2024-12-19 14:19:38 -08:00
parent acbe9ce23d
commit b625b4a076
9 changed files with 63 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/supervisor_discovery_test.go
View File

@@ -34,7 +34,6 @@ import (
idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
supervisorclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
"go.pinniped.dev/internal/certauthority"
"go.pinniped.dev/internal/crypto/ptls"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/test/testlib"
)
@@ -866,7 +865,7 @@ func newHTTPClient(t *testing.T, caBundle []byte, dnsOverrides map[string]string
caCertPool.AppendCertsFromPEM(caBundle)
c.Transport = &http.Transport{
DialContext: overrideDialContext,
TLSClientConfig: &tls.Config{MinVersion: ptls.SecureTLSConfigMinTLSVersion, RootCAs: caCertPool}, //nolint:gosec // this seems to be a false flag, min tls version is 1.3 in normal mode or 1.2 in fips mode
TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: caCertPool},
}
} else {
c.Transport = &http.Transport{