func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
host := strings.TrimSuffix(addr, ":443")
+ ccg := ClientCertificateGetter{host}
cfg := tls.Config{
VerifyPeerCertificate: func(
rawCerts [][]byte,
) error {
return verifyCert(host, nil, rawCerts, verifiedChains)
},
- ClientSessionCache: sessionCache,
- NextProtos: []string{"h2", "http/1.1"},
+ ClientSessionCache: sessionCache,
+ NextProtos: []string{"h2", "http/1.1"},
+ GetClientCertificate: ccg.get,
}
conn, dialErr := tls.Dial(network, addr, &cfg)
if dialErr != nil {
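Review bot: The client certificate is now chosen by `host` in `ClientCertificateGetter{host}`, but `host` comes from `strings.TrimSuffix(addr, ":443")`, so any address on another port would reach the getter (and `verifyCert`) as `name:port` instead of the hostname. Whether callers ever pass such addresses is not visible here. Because that string now decides which client identity is offered to the peer, parse it explicitly with `host, _, err := net.SplitHostPort(addr)` and return the error rather than trimming a fixed suffix. A comment on `GetClientCertificate: ccg.get` should also state what `get` returns when no certificate is configured for the host: crypto/tls requires a non-nil `*tls.Certificate` (an empty one to send none) unless an error is returned. The body of dialTLS continues past the end of the hunk.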