Add new method to access a client config's TLSConfig. (#20265)

api/client.go

@@ -203,6 +203,7 @@ type Config struct {
 	// commands such as 'vault operator raft snapshot' as this redirects to the
 	// primary node.
 	DisableRedirects bool
+	clientTLSConfig  *tls.Config
 }
 
 // TLSConfig contains the parameters needed to configure TLS on the HTTP client
@@ -337,10 +338,17 @@ func (c *Config) configureTLS(t *TLSConfig) error {
 	if t.TLSServerName != "" {
 		clientTLSConfig.ServerName = t.TLSServerName
 	}
+	c.clientTLSConfig = clientTLSConfig
 
 	return nil
 }
 
+func (c *Config) TLSConfig() *tls.Config {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	return c.clientTLSConfig.Clone()
+}
+
 // ConfigureTLS takes a set of TLS configurations and applies those to the
 // HTTP client.
 func (c *Config) ConfigureTLS(t *TLSConfig) error {
@@ -665,6 +673,7 @@ func (c *Client) CloneConfig() *Config {
 	newConfig.CloneHeaders = c.config.CloneHeaders
 	newConfig.CloneToken = c.config.CloneToken
 	newConfig.ReadYourWrites = c.config.ReadYourWrites
+	newConfig.clientTLSConfig = c.config.clientTLSConfig
 
 	// we specifically want a _copy_ of the client here, not a pointer to the original one
 	newClient := *c.config.HttpClient

changelog/20265.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+* api: Add Config.TLSConfig method to fetch the TLS configuration from a client config.
+```