bind: add ca-file flag

saucelabs · Jul 31, 2023 · 7f4d975 · 7f4d975
1 parent 072be21
commit 7f4d975
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/bind/flag.go b/bind/flag.go
@@ -132,6 +132,13 @@ func TLSClientConfig(fs *pflag.FlagSet, cfg *forwarder.TLSClientConfig) {
 	fs.BoolVar(&cfg.InsecureSkipVerify, "insecure", cfg.InsecureSkipVerify,
 		"Don't verify the server's certificate chain and host name. "+
 			"Enable to work with self-signed certificates. ")
+
+	fs.StringSliceVar(&cfg.CAFiles,
+		"ca-file", cfg.CAFiles, "<path or base64>"+
+			"Add your own CA certificates to verify against. "+
+			"The system root certificates will be used in addition to any certificates in this list. "+
+			"Can be a path to a file or \"data:\" followed by base64 encoded certificate. "+
+			"Use this flag multiple times to specify multiple CA certificate files. ")
 }
 
 func HTTPServerConfig(fs *pflag.FlagSet, cfg *forwarder.HTTPServerConfig, prefix string, schemes ...forwarder.Scheme) {

diff --git a/cmd/forwarder/root.go b/cmd/forwarder/root.go
@@ -56,8 +56,12 @@ func rootCommand() *cobra.Command {
 			Prefix: []string{"dns"},
 		},
 		{
-			Name:   "HTTP client options",
-			Prefix: []string{"http", "insecure"},
+			Name: "HTTP client options",
+			Prefix: []string{
+				"http",
+				"ca-file",
+				"insecure",
+			},
 		},
 		{
 			Name:   "Logging options",