Add support for mTLS for Audit log target (#11645)

2025-11-20 01:50:24 -05:00 · 2021-03-01 22:49:13 +05:30
parent 10bdb78699
commit bbd1244a88
6 changed files with 97 additions and 17 deletions
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -43,6 +43,7 @@ import (
 	"github.com/gorilla/mux"
 	xhttp "github.com/minio/minio/cmd/http"
 	"github.com/minio/minio/cmd/logger"
+	"github.com/minio/minio/pkg/certs"
 	"github.com/minio/minio/pkg/handlers"
 	"github.com/minio/minio/pkg/madmin"
 	"golang.org/x/net/http2"
@@ -606,6 +607,25 @@ func newCustomHTTPTransport(tlsConfig *tls.Config, dialTimeout time.Duration) fu
 	}
 }

+// NewGatewayHTTPTransportWithClientCerts returns a new http configuration
+// used while communicating with the cloud backends.
+func NewGatewayHTTPTransportWithClientCerts(clientCert, clientKey string) *http.Transport {
+	transport := newGatewayHTTPTransport(1 * time.Minute)
+	if clientCert != "" && clientKey != "" {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+		defer cancel()
+		c, err := certs.NewManager(ctx, clientCert, clientKey, tls.LoadX509KeyPair)
+		if err != nil {
+			logger.LogIf(ctx, fmt.Errorf("failed to load client key and cert, please check your endpoint configuration: %s",
+				err.Error()))
+		}
+		if c != nil {
+			transport.TLSClientConfig.GetClientCertificate = c.GetClientCertificate
+		}
+	}
+	return transport
+}
+
 // NewGatewayHTTPTransport returns a new http configuration
 // used while communicating with the cloud backends.
 func NewGatewayHTTPTransport() *http.Transport {