fix(tls): centralize the TLS configuration to ensure FIPS compliance BE-11979 (#960)

api/docker/client/client.go

@@ -181,10 +181,11 @@ func httpClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*http.Cli
 	}
 
 	if endpoint.TLSConfig.TLS {
-		tlsConfig, err := crypto.CreateTLSConfigurationFromDisk(endpoint.TLSConfig.TLSCACertPath, endpoint.TLSConfig.TLSCertPath, endpoint.TLSConfig.TLSKeyPath, endpoint.TLSConfig.TLSSkipVerify)
+		tlsConfig, err := crypto.CreateTLSConfigurationFromDisk(endpoint.TLSConfig)
 		if err != nil {
 			return nil, err
 		}
+
 		transport.TLSClientConfig = tlsConfig
 	}
 

api/docker/client/client_test.go

@@ -0,0 +1,26 @@
+package client
+
+import (
+	"testing"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestHttpClient(t *testing.T) {
+	// Valid TLS configuration
+	endpoint := &portainer.Endpoint{}
+	endpoint.TLSConfig = portainer.TLSConfiguration{TLS: true}
+
+	cli, err := httpClient(endpoint, nil)
+	require.NoError(t, err)
+	require.NotNil(t, cli)
+
+	// Invalid TLS configuration
+	endpoint.TLSConfig.TLSCertPath = "/invalid/path/client.crt"
+	endpoint.TLSConfig.TLSKeyPath = "/invalid/path/client.key"
+
+	cli, err = httpClient(endpoint, nil)
+	require.Error(t, err)
+	require.Nil(t, cli)
+}