Documentation
Overview
Package rootcerts provides a Go conversion of Mozilla's certdata.txt file, extracting trusted CA certificates only.
It was generated by the gencerts tool with the following command line:
    gencerts -download -target rootcerts.go -package rootcerts
This package allows for the embedding of root CA certificates directly into a Go executable, reducing or negating the need for Go to have access to root certificates provided by the operating system in order to validate certificates issued by those authorities.
Root certificates can be accessed through this package, or may be easily installed into the http package's DefaultTransport by calling UpdateDefaultTransport.
Functions
func ServerCertPool
ServerCertPool returns a pool containing all root CA certificates that are trusted for issuing server certificates.
func UpdateDefaultTransport
func UpdateDefaultTransport() error
UpdateDefaultTransport updates the configuration for http.DefaultTransport to use the root CA certificates defined here when used as an HTTP client.
It will return an error if the DefaultTransport is not actually an *http.Transport.
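What the behaviour described above amounts to in net/http terms, including the documented error case, as an added example rather than the package's own source. The names pinRoots, usesPool and wrapper are hypothetical, and an empty constructed pool stands in for the embedded roots.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
)

// pinRoots points rt at pool for server validation. Once RootCAs is non-nil,
// crypto/tls stops consulting the operating system's trust store.
func pinRoots(rt http.RoundTripper, pool *x509.CertPool) error {
	t, ok := rt.(*http.Transport)
	if !ok {
		return errors.New("round tripper is not an *http.Transport; roots not installed")
	}
	cfg := &tls.Config{}
	if t.TLSClientConfig != nil {
		cfg = t.TLSClientConfig.Clone() // keep existing settings, leave the old config untouched
	}
	cfg.RootCAs = pool
	t.TLSClientConfig = cfg
	return nil
}

// usesPool reports whether rt is an *http.Transport that validates against pool.
func usesPool(rt http.RoundTripper, pool *x509.CertPool) bool {
	t, ok := rt.(*http.Transport)
	return ok && t.TLSClientConfig != nil && pool.Equal(t.TLSClientConfig.RootCAs)
}

// wrapper is a hypothetical middleware of the kind logging or tracing code
// assigns to http.DefaultTransport; it hides the *http.Transport underneath.
type wrapper struct{ next http.RoundTripper }

func (w wrapper) RoundTrip(r *http.Request) (*http.Response, error) { return w.next.RoundTrip(r) }

func main() {
	pool := x509.NewCertPool() // constructed stand-in for the embedded roots
	plain := &http.Transport{}
	fmt.Println(pinRoots(plain, pool), usesPool(plain, pool))
	wrapped := wrapper{next: &http.Transport{}}
	fmt.Println(pinRoots(wrapped, pool) != nil, usesPool(wrapped, pool))
}
```

A caller that discards the returned error keeps validating servers against the operating system's roots, so a program that depends on the embedded set should treat a non-nil error as fatal at start-up.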
Types
type Cert
type Cert struct {
    Label  string
    Serial string
    Trust  TrustLevel
    DER    []byte
}
A Cert defines a single unparsed certificate.
func Certs
func Certs() []Cert
Certs returns all trusted certificates extracted from certdata.txt.
func CertsByTrust
func CertsByTrust(t TrustLevel) (result []Cert)
CertsByTrust returns only those certificates that match all bits of the specified TrustLevel.
func (*Cert) X509Cert
func (c *Cert) X509Cert() *x509.Certificate
X509Cert parses the certificate into a *x509.Certificate.
type TrustLevel
type TrustLevel int
TrustLevel defines the purposes for which the certificate is trusted to issue certificates (i.e., to act as a CA).
const (
    ServerTrustedDelegator TrustLevel = 1 << iota // Trusted for issuing server certificates
    EmailTrustedDelegator                         // Trusted for issuing email certificates
    CodeTrustedDelegator                          // Trusted for issuing code signing certificates
)
Directories
Path | Synopsis |
---|---|
certparse | Package certparse parses root CA certificates from a Mozilla NSS certdata.txt io.Reader. |
gencerts | Command gencerts converts root CA certificates from the Mozilla NSS project to a .go file. |