added the tls configuration for pxy targets

cmd/config.go

@@ -141,6 +141,9 @@ type ServerConfig struct {
 	PXY struct {
 		Service PXYServiceConfig    `yaml:"service"`
 		TLS ServerTLSConfig         `yaml:"tls"`
+		Target struct {
+			TLS ClientTLSConfig `yaml:"tls"`
+		} `yaml:"target"`
 	} `yaml:"pxy"`
 
 	WPX struct {

cmd/main.go

@@ -123,6 +123,8 @@ func server_main(ctl_addrs []string, rpc_addrs []string, rpx_addrs[] string, pxy
 		if err != nil { return err }
 		config.PxyTls, err = make_tls_server_config(&cfg.PXY.TLS)
 		if err != nil { return err }
+		config.PxyTargetTls, err = make_tls_client_config(&cfg.PXY.Target.TLS)
+		if err != nil { return err }
 		config.WpxTls, err = make_tls_server_config(&cfg.WPX.TLS)
 		if err != nil { return err }
 

server-pxy.go

@@ -294,6 +294,7 @@ func (pxy *server_pxy_http_main) addr_to_transport (ctx context.Context, addr *n
 	var waitctx context.Context
 	var cancel_wait context.CancelFunc
 	var conn net.Conn
+	var tls_config *tls.Config
 	var err error
 
 	// establish the connection.
@@ -303,12 +304,17 @@ func (pxy *server_pxy_http_main) addr_to_transport (ctx context.Context, addr *n
 	cancel_wait()
 	if err != nil { return nil, err }
 
+	if pxy.S.Cfg.PxyTargetTls != nil {
+		tls_config = pxy.S.Cfg.PxyTargetTls.Clone()
+	} else {
+		tls_config = &tls.Config{InsecureSkipVerify: true}
+	}
 	// create a transport that uses the connection
 	return &http.Transport{
 		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 			return conn, nil
 		},
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // TODO: make this part configurable?
+		TLSClientConfig: tls_config,
 	}, nil
 }
 

server.go

@@ -75,6 +75,7 @@ type ServerConfig struct {
 
 	PxyAddrs []string
 	PxyTls *tls.Config
+	PxyTargetTls *tls.Config
 
 	WpxAddrs []string
 	WpxTls *tls.Config