Documentation
Overview
Package roots includes support for loading trusted roots from various sources.
The following trusted root sources are supported:
The "system" type does not take any metadata. It will use the default system certificates provided by the operating system.
The "cfssl" provider takes keys for the CFSSL "host", "label", and "profile", and loads the returned certificate into the trust store.
The "file" provider takes a source file (specified under the "source" key) that contains one or more certificates and adds them into the source tree.
Index
Constants
This section is empty.
Variables
var Providers = map[string]func(map[string]string) ([]*x509.Certificate, error){
	"system": system.New,
	"cfssl":  NewCFSSL,
	"file":   TrustPEM,
}
Providers is a mapping of supported providers and the functions that can build them.
Functions
Types
type TrustStore
type TrustStore struct {
// contains filtered or unexported fields
}
A TrustStore contains a pool of certificates that are trusted for a given TLS configuration.
func New
func New(rootDefs []*core.Root) (*TrustStore, error)
New produces a new trusted root provider from a collection of roots. If there are no roots, the system roots will be used.
func (*TrustStore) Certificates
func (ts *TrustStore) Certificates() []*x509.Certificate
Certificates returns a slice of the loaded certificates.
func (*TrustStore) Pool
func (ts *TrustStore) Pool() *x509.CertPool
Pool returns a certificate pool containing the certificates loaded into the provider.
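An added example, not code from this package: a standard-library illustration of what a "file"-style source has to do with a PEM bundle of one or more certificates, returning both the certificate slice and the pool, the two views TrustStore exposes. The names loadBundle and constructedRoot are hypothetical; the helper returns an error for a bundle with no certificates, so a caller does not hand an empty root list to New and land on the system roots by accident.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// loadBundle (hypothetical helper) parses a PEM bundle, failing closed when it holds no certificate.
func loadBundle(data []byte) ([]*x509.Certificate, *x509.CertPool, error) {
	var certs []*x509.Certificate
	pool := x509.NewCertPool()
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // ignore private keys, CSRs and other block types
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, nil, fmt.Errorf("bad certificate in bundle: %w", err)
		}
		certs = append(certs, cert)
		pool.AddCert(cert)
	}
	if len(certs) == 0 {
		return nil, nil, fmt.Errorf("bundle contains no certificates")
	}
	return certs, pool, nil
}

// constructedRoot returns a throwaway self-signed CA in PEM form (constructed sample input).
func constructedRoot(cn string) []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	certs, pool, err := loadBundle(append(constructedRoot("Root A"), constructedRoot("Root B")...))
	fmt.Println(len(certs), pool != nil, err)
	_, _, err = loadBundle([]byte("not a PEM file"))
	fmt.Println(err)
}
```

The returned pool is what a client would set as RootCAs in its tls.Config; a certificate whose root is not in the bundle then fails verification.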
type Trusted
type Trusted interface {
	// Certificates returns a slice containing the certificates
	// that are loaded into the provider.
	Certificates() []*x509.Certificate

	// AddCert adds a new certificate into the certificate pool.
	AddCert(cert *x509.Certificate)

	// AddPEM adds one or more PEM-encoded certificates into the
	// certificate pool.
	AddPEM(cert []byte) bool
}
Trusted contains a store of trusted certificates.