From e2a3180ec737cae72071090bc9d27d742d4ad9b1 Mon Sep 17 00:00:00 2001
From: hyung-hwan
Date: Sun, 24 Aug 2025 14:36:10 +0900
Subject: [PATCH] added the tls configuration for pxy targets
---
 cmd/config.go | 3 +++
 cmd/main.go | 2 ++
 server-pxy.go | 8 +++++++-
 server.go | 1 +
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/cmd/config.go b/cmd/config.go
index 496af17..26e77aa 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -141,6 +141,9 @@ type ServerConfig struct {
 PXY struct {
 Service PXYServiceConfig `yaml:"service"`
 TLS ServerTLSConfig `yaml:"tls"`
+ Target struct {
+ TLS ClientTLSConfig `yaml:"tls"`
+ } `yaml:"target"`
 } `yaml:"pxy"`
 WPX struct {
diff --git a/cmd/main.go b/cmd/main.go
index 16aeadc..84e31e3 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -123,6 +123,8 @@ func server_main(ctl_addrs []string, rpc_addrs []string, rpx_addrs[] string, pxy
 if err != nil { return err }
 config.PxyTls, err = make_tls_server_config(&cfg.PXY.TLS)
 if err != nil { return err }
+ config.PxyTargetTls, err = make_tls_client_config(&cfg.PXY.Target.TLS)
+ if err != nil { return err }
 config.WpxTls, err = make_tls_server_config(&cfg.WPX.TLS)
 if err != nil { return err }
diff --git a/server-pxy.go b/server-pxy.go
index a08fb1b..0185b4f 100644
--- a/server-pxy.go
+++ b/server-pxy.go
@@ -294,6 +294,7 @@ func (pxy *server_pxy_http_main) addr_to_transport (ctx context.Context, addr *n
 var waitctx context.Context
 var cancel_wait context.CancelFunc
 var conn net.Conn
+ var tls_config *tls.Config
 var err error
 // establish the connection.
@@ -303,12 +304,17 @@ func (pxy *server_pxy_http_main) addr_to_transport (ctx context.Context, addr *n
 cancel_wait()
 if err != nil { return nil, err }
+ if pxy.S.Cfg.PxyTargetTls != nil {
+ tls_config = pxy.S.Cfg.PxyTargetTls.Clone()
+ } else {
+ tls_config = &tls.Config{InsecureSkipVerify: true}
+ }
 // create a transport that uses the connection
 return &http.Transport{
 DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 return conn, nil
 },
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // TODO: make this part configurable?
+ TLSClientConfig: tls_config,
 }, nil
 }
diff --git a/server.go b/server.go
index 63397b0..d27cfa9 100644
--- a/server.go
+++ b/server.go
@@ -75,6 +75,7 @@ type ServerConfig struct {
 PxyAddrs []string
 PxyTls *tls.Config
+ PxyTargetTls *tls.Config
 WpxAddrs []string
 WpxTls *tls.Config
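Review bot: The `else` branch added to `addr_to_transport` in the second server-pxy.go hunk keeps `InsecureSkipVerify: true` as the silent default whenever `pxy.S.Cfg.PxyTargetTls` is nil, so a deployment that leaves out the new `pxy.target.tls` section still accepts any certificate a target presents, and the removed TODO was the only marker of that. I would put a comment on the branch, e.g. `// no pxy.target.tls configured: target certificates are NOT verified (legacy default)`, give the `PxyTargetTls` field in the server.go hunk a comment stating that nil means verification is off, and emit one startup warning when the fallback is in effect. Whether `make_tls_client_config` in the cmd/main.go hunk returns nil for an absent section is not visible in this patch; if it returns a non-nil default instead, this branch is never taken from the CLI and the effective default becomes verifying, which the commit message should state. With verification on, the cloned config carries no `ServerName` set in this hunk, so presumably the name checked is the host of the request URL; confirm that matches what the target certificates are issued for. The function body starts before the hunk.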