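package httpclient

import (
	"crypto/tls"
	"crypto/x509"
	"net"
	"net/http"
	"time"

	"github.com/pivotal-cf/paraphernalia/secure/tlsconfig"
)

// NewMutualTLSClient builds an *http.Client for calling an internal service
// over mutual TLS.
//
//   - identity is the client certificate (with key) presented to the server
//     during the handshake, attached via tlsconfig.WithIdentity.
//   - caCertPool is handed to tlsconfig.WithAuthority, presumably as the root
//     set the server's chain must validate against. NOTE(review): if that
//     option maps to tls.Config.RootCAs, a nil pool makes crypto/tls fall back
//     to the system roots, which silently widens the trust boundary — callers
//     should always pass a pool built from the service CA.
//   - serverName is pinned as tls.Config.ServerName, so the server certificate
//     is checked against this name regardless of the request URL's host. When
//     it is empty, net/http derives the name from each request's host instead.
//
// The transport deliberately sets no Proxy function, so HTTP(S)_PROXY
// environment variables can never redirect the mTLS connection through a
// proxy. The client's Timeout (10s) bounds the entire request — dial, TLS
// handshake, headers and body — and is therefore the effective ceiling on the
// longer per-phase timeouts configured on the transport.
func NewMutualTLSClient(identity tls.Certificate, caCertPool *x509.CertPool, serverName string) *http.Client {
	// Protocol/cipher policy comes from the library's internal-service
	// defaults; what those are exactly is not visible here.
	tlsConfig := tlsconfig.Build(
		tlsconfig.WithIdentity(identity),
		tlsconfig.WithInternalServiceDefaults(),
	)

	clientConfig := tlsConfig.Client(tlsconfig.WithAuthority(caCertPool))
	// Pin the expected server identity (see the doc comment for the empty case).
	clientConfig.ServerName = serverName
	// The deprecated BuildNameToCertificate() is intentionally not called: it
	// only fills NameToCertificate, which crypto/tls consults on the server side
	// to pick a certificate by SNI. A client selects its certificate from
	// Certificates directly, so the call was a no-op for this config.

	dialer := &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		// No-op on Go >= 1.12, where dual-stack dialing is the default; kept
		// explicit for older toolchains.
		DualStack: true,
	}

	return &http.Client{
		Transport: &http.Transport{
			DialContext:           dialer.DialContext,
			MaxIdleConns:          100,
			IdleConnTimeout:       90 * time.Second,
			TLSHandshakeTimeout:   10 * time.Second,
			ExpectContinueTimeout: 1 * time.Second,
			TLSClientConfig:       clientConfig,
		},
		// Whole-request deadline. This package applies no per-request context,
		// so this is the only end-to-end bound a caller gets by default.
		Timeout: 10 * time.Second,
	}
}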