portainer/api/ssl.go

package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"
)

// newTLSConfig initializes a tls.Config from the TLS flags
func newTLSConfig(tlsFlags TLSFlags) *tls.Config {
	cert, err := tls.LoadX509KeyPair(tlsFlags.certPath, tlsFlags.keyPath)
	if err != nil {
		log.Fatal(err)
	}
	caCert, err := ioutil.ReadFile(tlsFlags.caPath)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      caCertPool,
	}
	return tlsConfig
}