ceph-csi/vendor/github.com/hashicorp/go-rootcerts
Niels de Vos 91774fc936 rebase: vendor dependencies for Vault API
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.

By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
..
.travis.yml rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
doc.go rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
go.mod rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
go.sum rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
LICENSE rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
Makefile rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
README.md rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
rootcerts_base.go rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
rootcerts_darwin.go rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00
rootcerts.go rebase: vendor dependencies for Vault API 2020-11-29 04:03:59 +00:00

rootcerts

Functions for loading root certificates for TLS connections.


Go's standard library crypto/tls provides a common mechanism for configuring TLS connections in tls.Config. The RootCAs field on this struct is a pool of certificates for the client to use as a trust store when verifying server certificates.

This library contains utility functions for loading certificates destined for that field, as well as one other important thing:

When the RootCAs field is nil, the standard library attempts to load the host's root CA set. This behavior is OS-specific, and the Darwin implementation contains a bug that prevents trusted certificates from the System and Login keychains from being loaded. This library contains Darwin-specific behavior that works around that bug.

Example Usage

Here's a snippet demonstrating how this library is meant to be used:

func httpClient() (*http.Client, error)
	tlsConfig := &tls.Config{}
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile:      os.Getenv("MYAPP_CAFILE"),
		CAPath:      os.Getenv("MYAPP_CAPATH"),
		Certificate: os.Getenv("MYAPP_CERTIFICATE"),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}