Documentation
¶
Index ¶
- func AppendCertificate(ca []byte) (*x509.CertPool, error)
- func ConfigureTLS(t *tls.Config, c *Config) error
- func LoadCACerts(c *Config) (*x509.CertPool, error)
- func LoadCAFile(caFile string) (*x509.CertPool, error)
- func LoadCAPath(caPath string) (*x509.CertPool, error)
- func LoadSystemCAs() (*x509.CertPool, error)
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AppendCertificate ¶
AppendCertificate appends an in-memory PEM-encoded certificate or bundle and returns a pool.
func ConfigureTLS ¶
ConfigureTLS sets up the RootCAs on the provided tls.Config based on the Config specified.
func LoadCACerts ¶
LoadCACerts loads a CertPool based on the Config specified.
func LoadCAFile ¶
LoadCAFile loads a single PEM-encoded file from the path specified.
func LoadCAPath ¶
LoadCAPath walks the provided path and loads all certificates encounted into a pool.
func LoadSystemCAs ¶
LoadSystemCAs does nothing on non-Darwin systems. We return nil so that default behavior of standard TLS config libraries is triggered, which is to load system certs.
Types ¶
type Config ¶
type Config struct {
// CAFile is a path to a PEM-encoded certificate file or bundle. Takes
// precedence over CACertificate and CAPath.
CAFile string
// CACertificate is a PEM-encoded certificate or bundle. Takes precedence
// over CAPath.
CACertificate []byte
// CAPath is a path to a directory populated with PEM-encoded certificates.
CAPath string
}
Config determines where LoadCACerts will load certificates from. When CAFile, CACertificate and CAPath are blank, this library's functions will either load system roots explicitly and return them, or set the CertPool to nil to allow Go's standard library to load system certs.
Source Files