
package rootcerts

import ""

Package rootcerts contains functions to aid in loading CA certificates for TLS connections.

In addition, its default behavior on Darwin works around an open issue [1] in Go's crypto/x509 that prevents certificates from being loaded from the System or Login keychains.



Package Files

doc.go rootcerts.go rootcerts_base.go

func ConfigureTLS

func ConfigureTLS(t *tls.Config, c *Config) error

ConfigureTLS sets up the RootCAs on the provided tls.Config based on the Config specified.

func LoadCACerts

func LoadCACerts(c *Config) (*x509.CertPool, error)

LoadCACerts loads a CertPool based on the Config specified.

func LoadCAFile

func LoadCAFile(caFile string) (*x509.CertPool, error)

LoadCAFile loads a single PEM-encoded file from the path specified.

func LoadCAPath

func LoadCAPath(caPath string) (*x509.CertPool, error)

LoadCAPath walks the provided path and loads all certificates encountered into a pool.

func LoadSystemCAs

func LoadSystemCAs() (*x509.CertPool, error)

LoadSystemCAs does nothing on non-Darwin systems. We return nil so that the default behavior of standard TLS config libraries is triggered, which is to load system certs.

type Config

type Config struct {
    // CAFile is a path to a PEM-encoded certificate file or bundle. Takes
    // precedence over CAPath.
    CAFile string

    // CAPath is a path to a directory populated with PEM-encoded certificates.
    CAPath string
}

Config determines where LoadCACerts will load certificates from. When both CAFile and CAPath are blank, this library's functions will either load system roots explicitly and return them, or set the CertPool to nil to allow Go's standard library to load system certs.
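
The precedence described above, sketched with only the Go standard library as an added example (not the package's own code). The names resolvePool and constructedCA are hypothetical, the directory listing is flat rather than a recursive walk, and the CA is generated in memory as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// resolvePool (hypothetical name) mirrors the documented order: caFile wins over
// caPath; both blank yields a nil pool, so crypto/tls falls back to system roots.
func resolvePool(caFile, caPath string) (*x509.CertPool, error) {
	files := []string{caFile}
	if caFile == "" && caPath == "" {
		return nil, nil
	}
	if caFile == "" {
		files, _ = filepath.Glob(filepath.Join(caPath, "*")) // flat listing, no recursion
	}
	pool, loaded := x509.NewCertPool(), false
	for _, f := range files {
		if data, err := os.ReadFile(f); err == nil && pool.AppendCertsFromPEM(data) {
			loaded = true
		}
	}
	if !loaded { // a non-nil empty pool would reject every peer; report it instead
		return nil, fmt.Errorf("no PEM certificates loaded from %v", files)
	}
	return pool, nil
}

// constructedCA builds a throwaway self-signed CA (constructed sample input).
func constructedCA() (*x509.Certificate, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "constructed CA"}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() { fmt.Println(resolvePool("", "")) }
```

Assigning the returned pool to tls.Config.RootCAs pins trust to the configured CAs only; a nil result leaves Go's default system-root behavior in place.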

Package rootcerts imports 6 packages. Updated 2019-07-19.