From a0ccd087520a638dd837c988ab29898beec9b2f1 Mon Sep 17 00:00:00 2001
From: yashsinghcodes
Date: Thu, 15 Aug 2024 08:48:30 +0000
Subject: [PATCH 1/2] cert handling at client level
---
 shared.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/shared.go b/shared.go
index 0fa6d6f..3d41995 100755
--- a/shared.go
+++ b/shared.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "crypto/tls"
+ "crypto/x509"
 "errors"
 "fmt"
 "io"
@@ -12,6 +13,7 @@ import (
 "net/http"
 "net/url"
 "os"
+ "path/filepath"
 "reflect"
 "sort"
 "sync"
@@ -23660,6 +23662,38 @@ func GetExternalClient(baseUrl string) *http.Client {
 InsecureSkipVerify: skipSSLVerify,
 }
+ rootCAs, _ := x509.SystemCertPool()
+ if rootCAs == nil {
+ rootCAs = x509.NewCertPool()
+ }
+
+ if os.Getenv("SHUFFLE_CERT_DIR") == "" {
+ os.Setenv("SHUFFLE_CERT_DIR", "certs/")
+ }
+
+ certDir := os.Getenv("SHUFFLE_CERT_DIR")
+
+ log.Printf("[INFO] Reading self signed certificates from %s dir", certDir)
+
+ files, err := os.ReadDir(certDir)
+ if err == nil && os.Getenv("SHUFFLE_CERT_DIR") != "" {
+ for _, file := range files {
+ if !file.IsDir() {
+ certPath := filepath.Join(certDir, file.Name())
+ caCert, err := os.ReadFile(certPath)
+ if err != nil {
+ log.Printf("[ERROR] Error reading the certificate %s: %s", file.Name(), err)
+ } else {
+ if ok := rootCAs.AppendCertsFromPEM(caCert); ok {
+ log.Printf("[INFO] Successfully appended certificate: %s", file.Name())
+ }
+ }
+ }
+ }
+ transport.TLSClientConfig = &tls.Config{RootCAs: rootCAs}
+ }
+
+
 if (len(httpProxy) > 0 || len(httpsProxy) > 0) && baseUrl != "http://shuffle-backend:5001" {
 //client = &http.Client{}
 } else {
From d1e18317a79838b11bb68a3da79ea3d9d91997b1 Mon Sep 17 00:00:00 2001
From: yashsinghcodes
Date: Fri, 16 Aug 2024 19:35:18 +0530
Subject: [PATCH 2/2] default path /certs
---
 shared.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/shared.go b/shared.go
index 3d41995..60337fe 100755
--- a/shared.go
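Review bot: `transport.TLSClientConfig = &tls.Config{RootCAs: rootCAs}` at the end of the cert-loading branch replaces the TLS config built just above it, so the `InsecureSkipVerify: skipSSLVerify` setting visible in the leading context (and any other field that config carries — its assignment target sits above the hunk) is silently dropped whenever the certificate directory is readable. Attach the pool to the existing config instead, `transport.TLSClientConfig.RootCAs = rootCAs`, or carry the flag over with `&tls.Config{InsecureSkipVerify: skipSSLVerify, RootCAs: rootCAs}`. Two smaller gaps in the same hunk: the error from `x509.SystemCertPool()` is discarded, so a failed system-pool load quietly leaves every external client trusting only the directory's files, and a file for which `AppendCertsFromPEM` returns false produces no message, so a malformed or non-PEM file goes unnoticed — both deserve a log line. A short comment noting that every regular file in the directory becomes a trust anchor for all clients this function returns would help operators restrict write access to it. The enclosing GetExternalClient starts and ends outside the hunk.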
+++ b/shared.go
@@ -23667,11 +23667,11 @@ func GetExternalClient(baseUrl string) *http.Client {
 rootCAs = x509.NewCertPool()
 }
- if os.Getenv("SHUFFLE_CERT_DIR") == "" {
- os.Setenv("SHUFFLE_CERT_DIR", "certs/")
- }
+ certDir := "/certs/"
- certDir := os.Getenv("SHUFFLE_CERT_DIR")
+ if os.Getenv("SHUFFLE_CERT_DIR") != "" {
+ certDir = os.Getenv("SHUFFLE_CERT_DIR")
+ }
 log.Printf("[INFO] Reading self signed certificates from %s dir", certDir)
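Review bot: With the `os.Setenv` fallback removed, the unchanged guard a few lines below this hunk from the previous patch, `if err == nil && os.Getenv("SHUFFLE_CERT_DIR") != "" {`, is false whenever the variable is unset, so certificates under the new default `/certs/` are read and appended to `rootCAs` but `transport.TLSClientConfig` is never updated with the pool — the default path is effectively dead. Drop the environment check there, `if err == nil {`, since `certDir` already encodes the fallback. The two `os.Getenv` calls in this hunk can also be folded into `if dir := os.Getenv("SHUFFLE_CERT_DIR"); dir != "" { certDir = dir }`. The enclosing GetExternalClient starts and ends outside the hunk.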