Add clientside code for gRPC
diff --git a/grpc.go b/grpc.go
index 3cace95..af5a6ac 100644
--- a/grpc.go
+++ b/grpc.go
@@ -192,3 +192,25 @@
return []grpc.ServerOption{creds, interceptor}
}
+
+func WithClientHSPKI() grpc.DialOption {
+ certPool := x509.NewCertPool()
+ ca, err := ioutil.ReadFile(flagCAPath)
+ if err != nil {
+ glog.Exitf("WithClientHSPKI: cannot load CA certificate: %v", err)
+ }
+ if ok := certPool.AppendCertsFromPEM(ca); !ok {
+ glog.Exitf("WithClientHSPKI: cannot use CA certificate: %v", err)
+ }
+
+ clientCert, err := tls.LoadX509KeyPair(flagCertificatePath, flagKeyPath)
+ if err != nil {
+ glog.Exitf("WithClientHSPKI: cannot load service certificate/key: %v", err)
+ }
+
+ creds := credentials.NewTLS(&tls.Config{
+ Certificates: []tls.Certificate{clientCert},
+ RootCAs: certPool,
+ })
+ return grpc.WithTransportCredentials(creds)
+}