Update TLS config for elasticsearch client

Follow up on elastic/beats#15516 to pass TLS options to forward proxies.
simitt · Feb 4, 2020 · 5649271 · 5649271
1 parent e8b39bb
commit 5649271
Showing 1 changed file with 21 additions and 19 deletions.
diff --git a/elasticsearch/config.go b/elasticsearch/config.go
@@ -73,21 +73,12 @@ func (h Hosts) Validate() error {
 }
 
 func connectionConfig(config *Config) (*http.Transport, []string, error) {
-	var dial, tlsDial transport.Dialer
-	var addrs []string
-	proxy, err := httpProxyURL(config)
-	if err == nil {
-		addrs, err = addresses(config)
-	}
-	if err == nil {
-		dial, tlsDial, err = dialer(config)
-	}
-	transport := &http.Transport{
-		Proxy:   proxy,
-		Dial:    dial.Dial,
-		DialTLS: tlsDial.Dial,
+	addrs, err := addresses(config)
+	if err != nil {
+		return nil, nil, err
 	}
-	return transport, addrs, err
+	transp, err := httpTransport(config)
+	return transp, addrs, err
 }
 
 func httpProxyURL(cfg *Config) (func(*http.Request) (*url.URL, error), error) {
@@ -122,16 +113,27 @@ func addresses(cfg *Config) ([]string, error) {
 	return addresses, nil
 }
 
-func dialer(cfg *Config) (transport.Dialer, transport.Dialer, error) {
+func httpTransport(cfg *Config) (*http.Transport, error) {
+	proxy, err := httpProxyURL(cfg)
+	if err != nil {
+		return nil, err
+	}
+
 	var tlsConfig *tlscommon.TLSConfig
-	var err error
 	if cfg.TLS.IsEnabled() {
 		if tlsConfig, err = tlscommon.LoadTLSConfig(cfg.TLS); err != nil {
-			return nil, nil, err
+			return nil, err
 		}
 	}
-
 	dialer := transport.NetDialer(cfg.Timeout)
 	tlsDialer, err := transport.TLSDialer(dialer, tlsConfig, cfg.Timeout)
-	return dialer, tlsDialer, err
+	if err != nil {
+		return nil, err
+	}
+	return &http.Transport{
+		Proxy:           proxy,
+		Dial:            dialer.Dial,
+		DialTLS:         tlsDialer.Dial,
+		TLSClientConfig: tlsConfig.ToConfig(),
+	}, nil
 }