Name | Date | Size |
---|---|---|
test-fixtures/ | 10-Jun-2019 | - |
.travis.yml | 10-Jun-2019 | 90 |
LICENSE | 10-Jun-2019 | 15.5 KiB |
Makefile | 10-Jun-2019 | 125 |
README.md | 10-Jun-2019 | 1.3 KiB |
doc.go | 10-Jun-2019 | 354 |
go.mod | 10-Jun-2019 | 98 |
go.sum | 10-Jun-2019 | 181 |
rootcerts.go | 10-Jun-2019 | 2.2 KiB |
rootcerts_base.go | 10-Jun-2019 | 302 |
rootcerts_darwin.go | 10-Jun-2019 | 1,022 |
rootcerts_darwin_test.go | 10-Jun-2019 | 318 |
rootcerts_test.go | 10-Jun-2019 | 1 KiB |
README.md
# rootcerts

Functions for loading root certificates for TLS connections.

-----

Go's standard library `crypto/tls` provides a common mechanism for configuring
TLS connections in `tls.Config`. The `RootCAs` field on this struct is a pool
of certificates for the client to use as a trust store when verifying server
certificates.

This library contains utility functions for loading certificates destined for
that field, as well as one other important thing:

When the `RootCAs` field is `nil`, the standard library attempts to load the
host's root CA set. This behavior is OS-specific, and the Darwin
implementation contains [a bug that prevents trusted certificates from the
System and Login keychains from being loaded][1]. This library contains
Darwin-specific behavior that works around that bug.

[1]: https://github.com/golang/go/issues/14514

## Example Usage

Here's a snippet demonstrating how this library is meant to be used:

```go
import (
	"crypto/tls"
	"net/http"
	"os"

	cleanhttp "github.com/hashicorp/go-cleanhttp"
	rootcerts "github.com/hashicorp/go-rootcerts"
)

// httpClient returns an HTTP client whose trust store is populated by rootcerts.
func httpClient() (*http.Client, error) {
	tlsConfig := &tls.Config{}
	// Fill tlsConfig.RootCAs from the CA file or CA directory named in the environment.
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile: os.Getenv("MYAPP_CAFILE"),
		CAPath: os.Getenv("MYAPP_CAPATH"),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	// Attach the configured trust store to the transport used by the client.
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}
```