
package roots

import ""

Package roots includes support for loading trusted roots from various sources.

The following trusted root sources are supported:

The "system" type does not take any metadata. It will use the default system certificates provided by the operating system.

The "cfssl" provider takes keys for the CFSSL "host", "label", and "profile", and loads the returned certificate into the trust store.

The "file" provider takes a source file (specified under the "source" key) that contains one or more certificates and adds them to the trust store.


Package Files

cfssl.go doc.go provider.go


var Providers = map[string]func(map[string]string) ([]*x509.Certificate, error){
    "system": system.New,
    "cfssl":  NewCFSSL,
    "file":   TrustPEM,
}

Providers is a mapping of supported providers and the functions that can build them.

func NewCFSSL

func NewCFSSL(metadata map[string]string) ([]*x509.Certificate, error)

NewCFSSL produces a new CFSSL root.

func TrustPEM

func TrustPEM(metadata map[string]string) ([]*x509.Certificate, error)

TrustPEM takes a source file containing one or more certificates and adds them to the trust store.
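
As an added illustration (not cfssl's own code), the sketch below shows a loader with the same shape as the "file" provider: it reads the bundle named by the "source" key and returns every certificate in it. The names loadPEMRoots and constructedRoot, the fail-closed handling of a bundle with no certificates, and the generated sample certificates are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// loadPEMRoots (hypothetical name) parses every certificate in metadata["source"].
func loadPEMRoots(metadata map[string]string) ([]*x509.Certificate, error) {
	data, err := os.ReadFile(metadata["source"])
	if err != nil {
		return nil, err
	}
	var certs []*x509.Certificate
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // skip private keys and other PEM objects in the bundle
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("bad certificate in bundle: %w", err)
		}
		certs = append(certs, cert)
	}
	if len(certs) == 0 { // fail closed rather than hand back an empty trust store
		return nil, fmt.Errorf("no certificates in %q", metadata["source"])
	}
	return certs, nil
}

func constructedRoot(cn string) []byte { // constructed sample data: throwaway self-signed CA
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	os.WriteFile("constructed-roots.pem", append(constructedRoot("a"), constructedRoot("b")...), 0o600)
	certs, err := loadPEMRoots(map[string]string{"source": "constructed-roots.pem"})
	fmt.Println(len(certs), err)
}
```

A single malformed certificate rejects the whole bundle here, so a damaged roots file surfaces as a configuration error instead of a silently smaller trust store.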

type TrustStore

type TrustStore struct {
    // contains filtered or unexported fields
}

A TrustStore contains a pool of certificates that are trusted for a given TLS configuration.

func New

func New(rootDefs []*core.Root) (*TrustStore, error)

New produces a new trusted root provider from a collection of roots. If there are no roots, the system roots will be used.

func (*TrustStore) Certificates

func (ts *TrustStore) Certificates() []*x509.Certificate

Certificates returns a slice of the loaded certificates.

func (*TrustStore) Pool

func (ts *TrustStore) Pool() *x509.CertPool

Pool returns a certificate pool containing the certificates loaded into the provider.

type Trusted

type Trusted interface {
    // Certificates returns a slice containing the certificates
    // that are loaded into the provider.
    Certificates() []*x509.Certificate

    // AddCert adds a new certificate into the certificate pool.
    AddCert(cert *x509.Certificate)

    // AddPEM adds one or more PEM-encoded certificates into the
    // certificate pool.
    AddPEM(cert []byte) bool
}

Trusted contains a store of trusted certificates.



Package roots imports 10 packages and is imported by 52 packages. Updated 2018-03-16.