File: README.md

package info (click to toggle)
golang-github-hashicorp-go-rootcerts 1.0.2-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 124 kB
  • sloc: makefile: 9
file content (44 lines) | stat: -rw-r--r-- 1,384 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# rootcerts

Functions for loading root certificates for TLS connections.

-----

Go's standard library `crypto/tls` provides a common mechanism for configuring
TLS connections in `tls.Config`. The `RootCAs` field on this struct is a pool
of certificates for the client to use as a trust store when verifying server
certificates.

This library contains utility functions for loading certificates destined for
that field, as well as one other important thing:

When the `RootCAs` field is `nil`, the standard library attempts to load the
host's root CA set.  This behavior is OS-specific, and the Darwin
implementation contains [a bug that prevents trusted certificates from the
System and Login keychains from being loaded][1]. This library contains
Darwin-specific behavior that works around that bug.

[1]: https://github.com/golang/go/issues/14514

## Example Usage

Here's a snippet demonstrating how this library is meant to be used:

```go
func httpClient() (*http.Client, error)
	tlsConfig := &tls.Config{}
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile:      os.Getenv("MYAPP_CAFILE"),
		CAPath:      os.Getenv("MYAPP_CAPATH"),
		Certificate: os.Getenv("MYAPP_CERTIFICATE"),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}
```