1 files changed, 19 insertions, 9 deletions

diff --git a/client/httpclient.go b/client/httpclient.go
index f2e82e5..15bae25 100644
--- a/client/httpclient.go
+++ b/client/httpclient.go
@@ -5,9 +5,11 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
+	"os"
 	"path/filepath"
 	"strings"
 	"time"
@@ -25,6 +27,10 @@ const (
 	defaultReadTimeoutSeconds = 300
 )
 
+var (
+	ErrCafileNotFound = errors.New("cafile not found")
+)
+
 type HttpClient struct {
 	*http.Client
 	Host string
@@ -60,15 +66,6 @@ func NewHTTPClient(gitlabURL, gitlabRelativeURLRoot, caFile, caPath string, self
 
 // NewHTTPClientWithOpts builds an HTTP client using the provided options
 func NewHTTPClientWithOpts(gitlabURL, gitlabRelativeURLRoot, caFile, caPath string, selfSignedCert bool, readTimeoutSeconds uint64, opts []HTTPClientOpt) (*HttpClient, error) {
-	hcc := &httpClientCfg{
-		caFile: caFile,
-		caPath: caPath,
-	}
-
-	for _, opt := range opts {
-		opt(hcc)
-	}
-
 	var transport *http.Transport
 	var host string
 	var err error
@@ -77,6 +74,19 @@ func NewHTTPClientWithOpts(gitlabURL, gitlabRelativeURLRoot, caFile, caPath stri
 	} else if strings.HasPrefix(gitlabURL, httpProtocol) {
 		transport, host = buildHttpTransport(gitlabURL)
 	} else if strings.HasPrefix(gitlabURL, httpsProtocol) {
+		hcc := &httpClientCfg{
+			caFile: caFile,
+			caPath: caPath,
+		}
+
+		for _, opt := range opts {
+			opt(hcc)
+		}
+
+		if _, err := os.Stat(caFile); err != nil {
+			return nil, fmt.Errorf("cannot find cafile '%s': %w", caFile, ErrCafileNotFound)
+		}
+
 		transport, host, err = buildHttpsTransport(*hcc, selfSignedCert, gitlabURL)
 		if err != nil {
 			return nil, err