From be9790ef8abf4d6d1c3962f462ebad1215343232 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 25 Nov 2022 18:24:01 +0100
Subject: [PATCH] internal: reuse http transport to prevent leaking connections (#3996)
* Fix: Using the same http transport as the api
* fix: Using global tlsTransport instead of newly created one
---
 internal/outpost/ak/global.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/internal/outpost/ak/global.go b/internal/outpost/ak/global.go
index f70d4a5e3..d9c05b126 100644
--- a/internal/outpost/ak/global.go
+++ b/internal/outpost/ak/global.go
@@ -16,6 +16,7 @@ import (
 )
 var initialSetup = false
+var tlsTransport *http.RoundTripper = nil
 func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 l := log.WithField("logger", "authentik.outpost")
@@ -70,15 +71,19 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 // GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
 func GetTLSTransport() http.RoundTripper {
+ if tlsTransport != nil {
+ return *tlsTransport
+ }
 value, set := os.LookupEnv("AUTHENTIK_INSECURE")
 if !set {
 value = "false"
 }
- tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
+ tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
 InsecureSkipVerify: strings.ToLower(value) == "true",
 })
 if err != nil {
 panic(err)
 }
- return tlsTransport
+ tlsTransport = &tmp
+ return *tlsTransport
 }
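Review bot: The lazy initialisation added to GetTLSTransport reads and writes the package-level `tlsTransport` with no synchronisation, so two goroutines calling it at the same time can race on the pointer and each build their own transport; whether callers are concurrent is not visible in the hunk. A `sync.Once` guard closes that gap, and the variable declared in the first hunk can then be a plain `http.RoundTripper`, since an interface value is already nil-able and the `*http.RoundTripper` indirection and `tmp` are not needed; `sync` would have to be added to the import block, which lies outside the hunk. Because AUTHENTIK_INSECURE is now read only on the first call and every caller shares the result, the doc comment should also state that the certificate-verification setting is fixed for the life of the process.

```go
var (
	tlsTransport     http.RoundTripper
	tlsTransportOnce sync.Once
)

func GetTLSTransport() http.RoundTripper {
	tlsTransportOnce.Do(func() {
		// … unchanged: AUTHENTIK_INSECURE lookup and "false" default …
		t, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
			InsecureSkipVerify: strings.ToLower(value) == "true",
		})
		if err != nil {
			panic(err)
		}
		tlsTransport = t
	})
	return tlsTransport
}
```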