| .. | ||
| LICENSE | ||
| README.md | ||
| root.go | ||
| root_bsd.go | ||
| root_cgo_darwin.go | ||
| root_darwin.go | ||
| root_darwin_armx.go | ||
| root_linux.go | ||
| root_nacl.go | ||
| root_plan9.go | ||
| root_solaris.go | ||
| root_unix.go | ||
| root_windows.go | ||
syscerts
Gather local system certificates in Go via a public SystemRootsPool method.
What does this do?
Provide a way to gather local system certificates on different OS platforms.
How does it do it?
It uses the crypto/x509 package and provides a single public method called
SystemRootsPool() to return a *x509.CertPool object.
How do you use it?
// gather CA certs
certpool := syscerts.SystemRootsPool()
// place them in an HTTP client for trusted SSL/TLS connections
tlsConfig := &tls.Config{RootCAs: certpool}
transport := &http.Transport{TLSClientConfig: tlsConfig}
client := &http.Client{Transport: transport}
// make a request
resp, err := client.Do(req)
Why even do it?
The crypto/x509 package already has a systemRootsPool method.
The crypto/x509.systemRootsPool method is almost the same as
github.com/jackspirou/syscerts.SystemRootsPool.
The difference? The crypto/x509.systemRootsPool method is private so you
cannot access it. :(
There are plans for the crypto/x509.systemRootsPool method to become public
in Go 1.7. When this happens you might no longer need github.com/jackspirou/syscerts.SystemRootsPool.
The only reason you may still use this package after the Go 1.7 release might
be for the Mac OSX System Keychain certs which are not included in the
crypto/x509 package. Relevant lines below:
Find more about this Go issue here: https://github.com/golang/go/issues/13335