X-Git-Url: https://ruderich.org/simon/gitweb/?p=nsscash%2Fnsscash.git;a=blobdiff_plain;f=fetch.go;h=16e8d902a1d3f179e35a07851650243c61c17abf;hp=9834f3ead8d5beddc74134e722bd60797869f394;hb=c43a74c01d838cef9dfe4aadbff54c03df8f1f1d;hpb=92afde4e875a96e1ab865e29b9f0d11b08d7db1c
diff --git a/fetch.go b/fetch.go
index 9834f3e..16e8d90 100644
--- a/fetch.go
+++ b/fetch.go
@@ -18,26 +18,58 @@
 package main

 import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
 "io/ioutil"
 "net/http"
 "time"
+
+ "github.com/pkg/errors"
 )

 // Global variable to permit reuse of connections (keep-alive)
-var client *http.Client
+var clients map[string]*http.Client

 func init() {
- client = &http.Client{}
+ clients = make(map[string]*http.Client)
+ clients[""] = &http.Client{}
 }

-func fetchIfModified(url string, lastModified *time.Time) (int, []byte, error) {
+func fetchIfModified(url, user, pass, ca string, lastModified *time.Time) (int, []byte, error) {
 req, err := http.NewRequest("GET", url, nil)
 if err != nil {
 return 0, nil, err
 }
+ if user != "" || pass != "" {
+ req.SetBasicAuth(user, pass)
+ }
 if !lastModified.IsZero() {
 req.Header.Add("If-Modified-Since",
- lastModified.Format(http.TimeFormat))
+ lastModified.UTC().Format(http.TimeFormat))
+ }
+
+ client, ok := clients[ca]
+ if !ok {
+ pem, err := ioutil.ReadFile(ca)
+ if err != nil {
+ return 0, nil, errors.Wrapf(err, "file.ca %q", ca)
+ }
+ pool := x509.NewCertPool()
+ ok := pool.AppendCertsFromPEM(pem)
+ if !ok {
+ return 0, nil, fmt.Errorf(
+ "file.ca %q: no PEM cert found", ca)
+ }
+
+ client = &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: pool,
+ },
+ },
+ }
+ clients[ca] = client
 }

 resp, err := client.Do(req)
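Review bot: The new `req.SetBasicAuth(user, pass)` call attaches credentials without checking that `url` is HTTPS, so a configuration with an `http://` URL would send the password in cleartext; consider rejecting that case inside the same `if`, e.g. `if req.URL.Scheme != "https" { return 0, nil, fmt.Errorf("%q: refusing to send credentials over non-HTTPS URL", url) }`. Separately, the per-CA client is built from a bare `&http.Transport{}`, which drops the proxy, dial and TLS-handshake timeout settings that `http.DefaultTransport` carries, and neither client sets `Timeout`, so a stalled server can block the fetch indefinitely; cloning the default transport (`http.DefaultTransport.(*http.Transport).Clone()`, where the Go version allows) and setting `TLSClientConfig` on the clone would keep those defaults. The `clients` map is also written here without a lock, which is only safe if fetchIfModified is never called concurrently; a comment on the variable stating that assumption would help. The function body continues past the end of the hunk.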