1 files changed, 35 insertions, 2 deletions

diff --git a/src/config/runtime.rs b/src/config/runtime.rs
index a1582e4..2e7b573 100644
--- a/src/config/runtime.rs
+++ b/src/config/runtime.rs
@@ -1,6 +1,8 @@
+use std::fs::File;
+use std::io::Read;
 use std::time::Duration;
 
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, bail, Result};
 
 use crate::config::{ConfigOpts, ConfigOptsAcme, ConfigOptsBase, ConfigOptsConsul};
 
@@ -18,6 +20,7 @@ pub struct RuntimeConfigAcme {
 pub struct RuntimeConfigConsul {
   pub node_name: String,
   pub url: String,
+  pub tls: Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>,
 }
 
 #[derive(Debug)]
@@ -77,7 +80,37 @@ impl RuntimeConfigConsul {
       .expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
     let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
 
-    Ok(Self { node_name, url })
+    let tls = match (&opts.client_cert, &opts.client_key) {
+      (Some(client_cert), Some(client_key)) => {
+        let cert = match &opts.ca_cert {
+          Some(ca_cert) => {
+            let mut ca_cert_buf = vec![];
+            File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+            Some(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
+          }
+          None => None,
+        };
+
+        let mut client_cert_buf = vec![];
+        File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
+
+        let mut client_key_buf = vec![];
+        File::open(client_key)?.read_to_end(&mut client_key_buf)?;
+
+        let ident =
+          reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
+
+        Some((cert, opts.tls_skip_verify, ident))
+      }
+      (None, None) => None,
+      _ => bail!("Incomplete TLS configuration parameters"),
+    };
+
+    Ok(Self {
+      node_name,
+      url,
+      tls,
+    })
   }
 }