This change allows for specifying a custom certpool or TLS configuration. Specifying a TLS configuration will override the internal logic and allow for hardening the TLS connection.
Alternate Designs
Removing the existing CAFile and CACert entirely, breaking backwards compatibility.
Applying the CACert and CAFile parameters to the passed tls.Config struct.
Description of the Change
This change allows for specifying a custom certpool or TLS configuration. Specifying a TLS configuration will override the internal logic and allow for hardening the TLS connection.
Alternate Designs
Benefits
Hardened TLS configuration, custom certificate loading.
Possible Drawbacks
The TLSConfig overrides the CACert and CAFile parameters, which may cause some confusion if someone uses this library directly.
Verification Process
This change was tested against a modified version of the go-ovirt-client test suite.
Applicable Issues
None.