+ lastModified.UTC().Format(http.TimeFormat))
+ }
+
+ client, ok := clients[ca]
+ if !ok {
+ pem, err := ioutil.ReadFile(ca)
+ if err != nil {
+ return 0, nil, errors.Wrapf(err, "file.ca %q", ca)
+ }
+ pool := x509.NewCertPool()
+ ok := pool.AppendCertsFromPEM(pem)
+ if !ok {
+ return 0, nil, fmt.Errorf(
+ "file.ca %q: no PEM cert found", ca)
+ }
+
+ client = &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: pool,
+ },
+ },
+ }
+ clients[ca] = client