@@ -290,24 +290,41 @@ func InitServer(port int, apiHost, apiPath, storePath string,
290290 authConfig * AuthConfig ) * Server {
291291 once .Do (func () {
292292 ServerInstance = & Server {
293- port : port ,
294- apiHost : apiHost ,
295- apiPath : apiPath ,
296- dataOut : dataOut ,
297- closeCh : closeCh ,
298- status : notReady ,
299- HTTPClient : & http.Client {
300- Transport : & http.Transport {
301- MaxIdleConnsPerHost : 20 ,
302- },
303- Timeout : 10 * time .Second ,
304- },
293+ port : port ,
294+ apiHost : apiHost ,
295+ apiPath : apiPath ,
296+ dataOut : dataOut ,
297+ closeCh : closeCh ,
298+ status : notReady ,
305299 pubSubAPI : pubsubv1 .GetAPIInstance (storePath ),
306300 subscriberAPI : subscriberApi .GetAPIInstance (storePath ),
307301 statusReceiveOverrideFn : onStatusReceiveOverrideFn ,
308302 authConfig : authConfig ,
309303 }
310304
305+ // Configure HTTPClient with proper TLS settings for publisher endpoint validation
306+ if authConfig != nil && authConfig .EnableMTLS {
307+ // Create HTTPClient with TLS configuration that allows localhost connections
308+ ServerInstance .HTTPClient = & http.Client {
309+ Transport : & http.Transport {
310+ MaxIdleConnsPerHost : 20 ,
311+ TLSClientConfig : & tls.Config {
312+ InsecureSkipVerify : true , // Skip certificate verification for localhost connections
313+ },
314+ },
315+ Timeout : 10 * time .Second ,
316+ }
317+ log .Infof ("InitServer: Configured HTTPClient with InsecureSkipVerify for mTLS localhost connections" )
318+ } else {
319+ // Use default HTTP client for non-mTLS configurations
320+ ServerInstance .HTTPClient = & http.Client {
321+ Transport : & http.Transport {
322+ MaxIdleConnsPerHost : 20 ,
323+ },
324+ Timeout : 10 * time .Second ,
325+ }
326+ }
327+
311328 // Initialize mTLS CA certificate pool if mTLS is enabled
312329 if authConfig != nil && authConfig .EnableMTLS && authConfig .CACertPath != "" {
313330 fmt .Printf ("InitServer: Setting authConfig with EnableMTLS=%t\n " , authConfig .EnableMTLS )
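Review bot: `InsecureSkipVerify: true` in the new `TLSClientConfig` (new line 312) turns off certificate-chain and hostname verification for every request sent through `ServerInstance.HTTPClient` whenever `EnableMTLS` is set. Nothing in the transport limits this to localhost as the comment claims, so any endpoint the client reaches is accepted unauthenticated. The visible config also sets no client certificate, so this branch appears to weaken the client's TLS rather than make it mutual. Since `authConfig.CACertPath` is used just below to build a CA pool, I would verify publisher endpoints against that CA via `RootCAs` and fail closed when it cannot be loaded, as sketched below; if the localhost certificate lacks a matching SAN, set `ServerName` instead of skipping verification. The `once.Do` closure continues past the end of the hunk, so the existing CA-pool code may be reusable rather than reading the file a second time.

```go
if authConfig != nil && authConfig.EnableMTLS {
	// Verify publisher endpoints against the configured CA. An empty pool
	// (CA missing or unparsable) makes every handshake fail, i.e. fail closed.
	caPool := x509.NewCertPool()
	if caPEM, err := os.ReadFile(authConfig.CACertPath); err != nil || !caPool.AppendCertsFromPEM(caPEM) {
		log.Infof("InitServer: could not load CA from %s; publisher TLS connections will fail verification", authConfig.CACertPath)
	}
	ServerInstance.HTTPClient = &http.Client{
		Transport: &http.Transport{
			MaxIdleConnsPerHost: 20,
			TLSClientConfig: &tls.Config{
				RootCAs:    caPool,
				MinVersion: tls.VersionTLS12,
			},
		},
		Timeout: 10 * time.Second,
	}
} else {
	// … unchanged: default HTTP client for non-mTLS configurations …
}
```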