1//go:build !windows
2// +build !windows
3
4package tls
5
6import (
7	"crypto/x509"
8	"sync"
9)
10
// rootCertsCache memoizes the system certificate pool after the first
// successful load. The embedded mutex serializes access to pool.
type rootCertsCache struct {
	sync.Mutex
	pool *x509.CertPool // nil until load has succeeded once
}

// load returns the cached system certificate pool, fetching it through
// x509.SystemCertPool on first use.
//
// A failed fetch is returned to the caller and is not cached, so the next call
// tries again. On success every caller receives the same *x509.CertPool
// pointer; the pool is therefore shared and must be treated as read-only,
// because certificates appended to it would be seen by every other user of
// this cache.
func (c *rootCertsCache) load() (*x509.CertPool, error) {
	c.Mutex.Lock()
	defer c.Mutex.Unlock()

	if cached := c.pool; cached != nil {
		return cached, nil
	}

	systemRoots, err := x509.SystemCertPool()
	if err != nil {
		return nil, err
	}

	c.pool = systemRoots
	return systemRoots, nil
}

// rootCerts is the package-level cache instance; its zero value is ready to
// use (unlocked mutex, no pool loaded yet).
var rootCerts rootCertsCache
33
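// getCertPool returns the certificate pool to use for this Config.
//
// Three cases are handled, in this order:
//   - c.DisableSystemRoot is set: the result of c.loadSelfCertPool() is
//     returned and the system store is not consulted here.
//   - c.Certificate is empty: the shared, cached system pool from
//     rootCerts.load() is returned. That pool is handed to every caller, so it
//     must be treated as read-only.
//   - otherwise: a separate pool is fetched with x509.SystemCertPool (which
//     returns a copy) and the PEM data of every entry in c.Certificate is
//     appended to it, leaving the shared cache untouched.
//
// Security note: in the last case every configured entry is added next to the
// system roots with no filtering in this function, so each one widens the set
// of certificates trusted by whatever verification uses the returned pool.
// AppendCertsFromPEM reports success as soon as one certificate in the input
// parses; unparseable PEM blocks in the same input are skipped silently.
func (c *Config) getCertPool() (*x509.CertPool, error) {
	if c.DisableSystemRoot {
		return c.loadSelfCertPool()
	}

	if len(c.Certificate) == 0 {
		return rootCerts.load()
	}

	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, newError("system root").AtWarning().Base(err)
	}
	for _, cert := range c.Certificate {
		if !pool.AppendCertsFromPEM(cert.Certificate) {
			// err is known to be nil at this point, so there is no underlying
			// cause to attach; AppendCertsFromPEM only reports a boolean.
			return nil, newError("append cert to root").AtWarning()
		}
	}
	// Return an explicit nil rather than the (always nil) err variable.
	return pool, nil
}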
54