packer-cn/vendor/github.com/hashicorp/go-rootcerts
Adrien Delorme 4ebcbad332
update consul and vault dependencies (#9205)
* update consul and vault dependencies

* update triton sign call accorting to https://github.com/joyent/triton-go/pull/135

* Delete readme.md

* put back github.com/mitchellh/reflectwalk to v1.0.0 and explain why

* fix/fixer_pp_docker_tag_tags.go: simplify deduplication loop and keep seen/stable order
2020-05-11 15:26:01 -04:00
..
.travis.yml
LICENSE
Makefile
README.md
doc.go
go.mod
go.sum
rootcerts.go
rootcerts_base.go
rootcerts_darwin.go

README.md

rootcerts

Functions for loading root certificates for TLS connections.


Go's standard library crypto/tls provides a common mechanism for configuring TLS connections in tls.Config. The RootCAs field on this struct is a pool of certificates for the client to use as a trust store when verifying server certificates.

This library contains utility functions for loading certificates destined for that field, as well as one other important thing:

When the RootCAs field is nil, the standard library attempts to load the host's root CA set. This behavior is OS-specific, and the Darwin implementation contains a bug that prevents trusted certificates from the System and Login keychains from being loaded. This library contains Darwin-specific behavior that works around that bug.

Example Usage

Here's a snippet demonstrating how this library is meant to be used:

func httpClient() (*http.Client, error)
	tlsConfig := &tls.Config{}
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile:      os.Getenv("MYAPP_CAFILE"),
		CAPath:      os.Getenv("MYAPP_CAPATH"),
		Certificate: os.Getenv("MYAPP_CERTIFICATE"),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}