# rootcerts

Functions for loading root certificates for TLS connections.

-----

Go's standard library `crypto/tls` provides a common mechanism for configuring
TLS connections in `tls.Config`. The `RootCAs` field on this struct is a pool
of certificates for the client to use as a trust store when verifying server
certificates.

This library contains utility functions for loading certificates destined for
that field, as well as one other important thing:

When the `RootCAs` field is `nil`, the standard library attempts to load the
host's root CA set. This behavior is OS-specific, and the Darwin
implementation contains [a bug that prevents trusted certificates from the
System and Login keychains from being loaded][1]. This library contains
Darwin-specific behavior that works around that bug.

[1]: https://github.com/golang/go/issues/14514

## Example Usage

Here's a snippet demonstrating how this library is meant to be used:

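```go
import (
	"crypto/tls"
	"net/http"
	"os"

	cleanhttp "github.com/hashicorp/go-cleanhttp"
	rootcerts "github.com/hashicorp/go-rootcerts"
)

// httpClient returns an HTTP client whose trust store is loaded by rootcerts
// from the sources named in the MYAPP_* environment variables.
func httpClient() (*http.Client, error) {
	tlsConfig := &tls.Config{}
	// ConfigureTLS loads the certificates destined for tlsConfig.RootCAs.
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile:      os.Getenv("MYAPP_CAFILE"),
		CAPath:      os.Getenv("MYAPP_CAPATH"),
		Certificate: os.Getenv("MYAPP_CERTIFICATE"),
	})
	if err != nil {
		return nil, err
	}
	// Attach the TLS configuration to a fresh transport and client.
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}
```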
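
The role of `RootCAs` as a trust store, and the `nil` fallback to the host's root CA set, shown with the standard library only. This is an added example, not code from this library: `clientTLSConfig`, `constructedCA` and `trusts` are hypothetical names, and both CAs are generated in memory as constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// clientTLSConfig is a hypothetical helper (not the rootcerts API).
func clientTLSConfig(caPEM []byte) (*tls.Config, error) {
	cfg := &tls.Config{}
	if len(caPEM) == 0 {
		return cfg, nil // RootCAs stays nil: crypto/tls uses the host's root CA set
	}
	cfg.RootCAs = x509.NewCertPool()
	if !cfg.RootCAs.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificates found in CA input") // never return an empty pool
	}
	return cfg, nil
}

// constructedCA returns a throwaway self-signed CA (sample data; errors ignored for fixed inputs).
func constructedCA(cn string) ([]byte, *x509.Certificate) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert
}

// trusts reports whether cert chains to a root in the given pool.
func trusts(roots *x509.CertPool, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	caPEM, ca := constructedCA("constructed CA A")
	_, other := constructedCA("constructed CA B")
	cfg, err := clientTLSConfig(caPEM)
	fmt.Println(err, err == nil && trusts(cfg.RootCAs, ca), err == nil && trusts(cfg.RootCAs, other))
}
```

A pool built this way replaces the host's roots rather than extending them, so only CAs present in the PEM input are trusted.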