package mq
import (
"crypto/tls"
"crypto/x509"
"fmt"
"net"
"os"
)
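// connectToBroker dials the broker at address over TCP and returns the
// connection, wrapped in TLS when useTLS is set.
//
// With useTLS, certFile is handed to tls.LoadX509KeyPair as both the
// certificate file and the key file, so it has to be a single PEM file that
// contains the client certificate and its private key. When caCertFile is
// non-empty, the PEM certificates in it become the only roots used to verify
// the broker's certificate.
//
// SECURITY: with useTLS set and caCertFile empty, the broker's certificate is
// not verified (InsecureSkipVerify). The session is encrypted but the peer is
// unauthenticated, so anything on the network path can impersonate the broker.
// Pass a caCertFile for every non-test deployment. With useTLS false the
// connection is plain TCP.
func connectToBroker(address string, useTLS bool, certFile string, caCertFile string) (net.Conn, error) {
	if !useTLS {
		return net.Dial("tcp", address)
	}

	// The same path is used for certificate and key: a combined PEM file.
	cert, err := tls.LoadX509KeyPair(certFile, certFile)
	if err != nil {
		return nil, fmt.Errorf("loading client certificate %q: %w", certFile, err)
	}

	tlsConfig := &tls.Config{Certificates: []tls.Certificate{cert}}
	if caCertFile == "" {
		// NOTE(security): server verification is disabled on this path. It is
		// kept for backward compatibility with callers that test without a CA;
		// it must not be reached in production configurations.
		tlsConfig.InsecureSkipVerify = true // For testing without CA verification
	} else {
		caCert, err := os.ReadFile(caCertFile)
		if err != nil {
			return nil, fmt.Errorf("reading CA certificate %q: %w", caCertFile, err)
		}
		caCertPool := x509.NewCertPool()
		// AppendCertsFromPEM reports false when nothing was parsed. Fail here
		// with a clear message rather than dialing with an empty root pool and
		// surfacing an opaque "unknown authority" handshake error.
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return nil, fmt.Errorf("no valid PEM certificates found in CA file %q", caCertFile)
		}
		tlsConfig.RootCAs = caCertPool
	}

	conn, err := tls.Dial("tcp", address, tlsConfig)
	if err != nil {
		// %w keeps the underlying error reachable through errors.Is/As.
		return nil, fmt.Errorf("failed to connect to broker via TLS: %w", err)
	}
	return conn, nil
}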