open-nomad/vendor/github.com/hashicorp/go-rootcerts
Seth Hoenig 435c0d9fc8 deps: Switch to Go modules for dependency management
This PR switches the Nomad repository from using govendor to Go modules
for managing dependencies. Aspects of the Nomad workflow remain pretty
much the same. The usual Makefile targets should continue to work as
they always did. The API submodule simply defers to the parent Nomad
version on the repository, keeping the semantics of API versioning that
currently exists.
2020-06-02 14:30:36 -05:00
.travis.yml deps: Switch to Go modules for dependency management 2020-06-02 14:30:36 -05:00
doc.go vendor + api 2016-08-17 16:23:29 -07:00
go.mod Add option to set certificate in-memory via SDK 2019-12-16 10:59:27 +01:00
go.sum Add option to set certificate in-memory via SDK 2019-12-16 10:59:27 +01:00
LICENSE vendor + api 2016-08-17 16:23:29 -07:00
Makefile vendor + api 2016-08-17 16:23:29 -07:00
README.md Add option to set certificate in-memory via SDK 2019-12-16 10:59:27 +01:00
rootcerts.go Add option to set certificate in-memory via SDK 2019-12-16 10:59:27 +01:00
rootcerts_base.go vendor + api 2016-08-17 16:23:29 -07:00
rootcerts_darwin.go vendor + api 2016-08-17 16:23:29 -07:00

rootcerts

Functions for loading root certificates for TLS connections.


Go's standard library crypto/tls provides a common mechanism for configuring TLS connections in tls.Config. The RootCAs field on this struct is a pool of certificates for the client to use as a trust store when verifying server certificates.

This library contains utility functions for loading certificates destined for that field, as well as one other important thing:

When the RootCAs field is nil, the standard library attempts to load the host's root CA set. This behavior is OS-specific, and the Darwin implementation contains a bug that prevents trusted certificates from the System and Login keychains from being loaded. This library contains Darwin-specific behavior that works around that bug.

Note that nil is the only value with that fallback: a non-nil but empty pool does not fall back to the host roots and rejects every server certificate. A loader that ends up with zero certificates therefore fails closed (every connection breaks) rather than open (trust silently widens), which is the behavior you want when a CA file or directory turns out to be empty or unreadable.

Example Usage

Here's a snippet demonstrating how this library is meant to be used:

package main

import (
	"crypto/tls"
	"net/http"
	"os"

	"github.com/hashicorp/go-cleanhttp"
	"github.com/hashicorp/go-rootcerts"
)

// httpClient returns a client whose trust store comes from MYAPP_CAFILE (a PEM
// file), MYAPP_CERTIFICATE (a PEM bundle held in memory) or MYAPP_CAPATH (a
// directory of PEM files), checked in that order. With all three empty the
// host's root set is used.
func httpClient() (*http.Client, error) {
	tlsConfig := &tls.Config{}
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile: os.Getenv("MYAPP_CAFILE"),
		CAPath: os.Getenv("MYAPP_CAPATH"),
		// The in-memory option is the CACertificate field, which takes PEM bytes.
		CACertificate: []byte(os.Getenv("MYAPP_CERTIFICATE")),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}