feat(dataproxy): TLS CA Cert for self-signed certs

For self-signed TLS Certificates, authentication with InsecureSkipVerify set to false then this error will occur: x509: certificate signed by unknown authority The solution is to allow the user to upload the CA cert as well.
2025-08-03 01:42:12 +08:00 · 2016-11-16 13:50:56 +01:00
parent c9b2c694f1
commit 387f8cc0c6
2 changed files with 31 additions and 0 deletions
--- a/pkg/api/dataproxy.go
+++ b/pkg/api/dataproxy.go
@ -2,6 +2,7 @@ package api

 import (
 	"crypto/tls"
+	"crypto/x509"
 	"net"
 	"net/http"
 	"net/http/httputil"
@ -40,6 +41,15 @@ func DataProxyTransport(ds *m.DataSource) (*http.Transport, error) {
 		transport.TLSClientConfig.InsecureSkipVerify = false

 		decrypted := ds.SecureJsonData.Decrypt()
+
+		if len(decrypted["tlsCACert"]) > 0 {
+			caPool := x509.NewCertPool()
+			ok := caPool.AppendCertsFromPEM([]byte(decrypted["tlsCACert"]))
+			if ok {
+				transport.TLSClientConfig.RootCAs = caPool
+			}
+		}
+
 		cert, err := tls.X509KeyPair([]byte(decrypted["tlsClientCert"]), []byte(decrypted["tlsClientKey"]))
 		if err != nil {
 			return nil, err