diff --git a/tea/tea.go b/tea/tea.go
index db2e50a..041dd64 100644
--- a/tea/tea.go
+++ b/tea/tea.go
@@ -415,28 +415,30 @@ func getHttpTransport(req *Request, runtime *RuntimeObject) (*http.Transport, er
 if err != nil {
 return nil, err
 }
- if strings.ToLower(*req.Protocol) == "https" &&
- runtime.Key != nil && runtime.Cert != nil {
- cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
- if err != nil {
- return nil, err
- }
-
- trans.TLSClientConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
- }
- if runtime.CA != nil {
- clientCertPool := x509.NewCertPool()
- ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
- if !ok {
- return nil, errors.New("Failed to parse root certificate")
+ if strings.ToLower(*req.Protocol) == "https" {
+ if BoolValue(runtime.IgnoreSSL) != true {
+ trans.TLSClientConfig = &tls.Config{
+ InsecureSkipVerify: false,
+ }
+ if runtime.Key != nil && runtime.Cert != nil && StringValue(runtime.Key) != "" && StringValue(runtime.Cert) != "" {
+ cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
+ if err != nil {
+ return nil, err
+ }
+ trans.TLSClientConfig.Certificates = []tls.Certificate{cert}
+ }
+ if runtime.CA != nil && StringValue(runtime.CA) != "" {
+ clientCertPool := x509.NewCertPool()
+ ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
+ if !ok {
+ return nil, errors.New("Failed to parse root certificate")
+ }
+ trans.TLSClientConfig.RootCAs = clientCertPool
+ }
+ } else {
+ trans.TLSClientConfig = &tls.Config{
+ InsecureSkipVerify: true,
 }
- trans.TLSClientConfig.RootCAs = clientCertPool
- }
- } else {
- trans.TLSClientConfig = &tls.Config{
- InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
 }
 }
 if httpProxy != nil {
diff --git a/tea/tea_test.go b/tea/tea_test.go
index f9fd2f8..297456f 100644
--- a/tea/tea_test.go
+++ b/tea/tea_test.go
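Review bot: The `else` branch (IgnoreSSL true) now builds a `tls.Config` holding only `InsecureSkipVerify: true`, so a caller who also set Key/Cert or CA gets no client certificate, no custom root pool and no error for malformed PEM, and nothing in the code says so. Because this mode turns off both chain and hostname verification, I would document it at the branch, e.g. `// IgnoreSSL: server certificate and hostname are NOT verified; Key, Cert and CA are intentionally not loaded.` Neither config sets `MinVersion`, so the protocol floor is whatever the Go toolchain defaults to; adding `MinVersion: tls.VersionTLS12` would pin it. Minor style: `BoolValue(runtime.IgnoreSSL) != true` reads better as `!BoolValue(runtime.IgnoreSSL)`. getHttpTransport starts and ends outside this hunk.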
@@ -542,20 +542,32 @@ func Test_DoRequest(t *testing.T) { runtimeObj["key"] = "private rsa key" runtimeObj["cert"] = "private certification" + runtimeObj["ca"] = "private ca" runtimeObj["ignoreSSL"] = true resp, err = DoRequest(request, runtimeObj) + utils.AssertNil(t, err) + utils.AssertNotNil(t, resp) + + // update the host is to restart a client + request.Headers["host"] = String("a.com") + runtimeObj["ignoreSSL"] = false + resp, err = DoRequest(request, runtimeObj) utils.AssertNotNil(t, err) + utils.AssertEqual(t, "tls: failed to find any PEM data in certificate input", err.Error()) utils.AssertNil(t, resp) + // update the host is to restart a client + request.Headers["host"] = String("b.com") runtimeObj["key"] = key runtimeObj["cert"] = cert runtimeObj["ca"] = "private ca" - runtimeObj["socks5Proxy"] = "socks5://someuser:somepassword@cs.aliyun.com" _, err = DoRequest(request, runtimeObj) utils.AssertNotNil(t, err) + utils.AssertEqual(t, "Failed to parse root certificate", err.Error()) + // update the host is to restart a client + request.Headers["host"] = String("c.com") runtimeObj["ca"] = ca - runtimeObj["socks5Proxy"] = "socks5://someuser:somepassword@cs.aliyuncs.com" resp, err = DoRequest(request, runtimeObj) utils.AssertNil(t, err) utils.AssertEqual(t, "test", StringValue(resp.Headers["tea"]))
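Review bot: Each new case has to change `request.Headers["host"]` to obtain a fresh client, which suggests the client cache is keyed without the TLS settings; if so, a client first built with `ignoreSSL = true` could be reused for a later `ignoreSSL = false` request to the same host, and these tests would not notice. The cache code is not in this hunk, so this is inferred from the comments; a case that flips `ignoreSSL` from true to false without changing the host and still expects the certificate error would settle it. The asserted string `"tls: failed to find any PEM data in certificate input"` comes from crypto/tls and may change between Go releases, so matching a shorter fragment with `strings.Contains` would be less brittle. Test_DoRequest continues outside the hunk.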