prometheus/vendor/github.com/hashicorp/go-rootcerts
Julius Volz b5c833ca21
Update go.mod dependencies before release (#5883)
* Update go.mod dependencies before release

Signed-off-by: Julius Volz <julius.volz@gmail.com>

* Add issue for showing query warnings in promtool

Signed-off-by: Julius Volz <julius.volz@gmail.com>

* Revert json-iterator back to 1.1.6

It produced errors when marshaling Point values with special float
values.

Signed-off-by: Julius Volz <julius.volz@gmail.com>

* Fix expected step values in promtool tests after client_golang update

Signed-off-by: Julius Volz <julius.volz@gmail.com>

* Update generated protobuf code after proto dep updates

Signed-off-by: Julius Volz <julius.volz@gmail.com>
2019-08-14 11:00:39 +02:00
.travis.yml vendor: run 'go mod vendor' from scratch 2018-10-29 17:25:43 +01:00
LICENSE Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
Makefile Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
README.md Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
doc.go Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
go.mod Update go.mod dependencies before release (#5883) 2019-08-14 11:00:39 +02:00
go.sum Update go.mod dependencies before release (#5883) 2019-08-14 11:00:39 +02:00
rootcerts.go Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
rootcerts_base.go Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00
rootcerts_darwin.go Discovery consul service meta (#4280) 2018-07-18 05:06:56 +01:00

README.md

rootcerts

Functions for loading root certificates for TLS connections.


Go's standard library crypto/tls provides a common mechanism for configuring TLS connections in tls.Config. The RootCAs field on this struct is a pool of certificates for the client to use as a trust store when verifying server certificates.

This library contains utility functions for loading certificates destined for that field, as well as one other important thing:

When the RootCAs field is nil, the standard library attempts to load the host's root CA set. This behavior is OS-specific, and the Darwin implementation contains a bug that prevents trusted certificates from the System and Login keychains from being loaded. This library contains Darwin-specific behavior that works around that bug.

Example Usage

Here's a snippet demonstrating how this library is meant to be used:

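import (
	"crypto/tls"
	"net/http"
	"os"

	cleanhttp "github.com/hashicorp/go-cleanhttp"
	rootcerts "github.com/hashicorp/go-rootcerts"
)

// httpClient returns an HTTP client whose TLS trust store is set by rootcerts.
func httpClient() (*http.Client, error) {
	tlsConfig := &tls.Config{}
	// Populate tlsConfig.RootCAs from the CA file or directory named in the environment.
	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
		CAFile: os.Getenv("MYAPP_CAFILE"),
		CAPath: os.Getenv("MYAPP_CAPATH"),
	})
	if err != nil {
		return nil, err
	}
	c := cleanhttp.DefaultClient()
	t := cleanhttp.DefaultTransport()
	t.TLSClientConfig = tlsConfig
	c.Transport = t
	return c, nil
}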
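
The trust-store behaviour described above, narrowed to the CAFile case and written against the standard library only; this is an added example, not code from the README or from go-rootcerts. `loadCAPool` and `constructedCA` are hypothetical names, and returning an error for a configured but unparsable bundle (rather than falling back to the host's roots) is an assumption of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// loadCAPool is a hypothetical helper for this example, not the go-rootcerts API.
func loadCAPool(caFile string) (*x509.CertPool, error) {
	if caFile == "" {
		return nil, nil // not configured: nil RootCAs means the host's root CA set
	}
	data, err := os.ReadFile(caFile)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(data) { // fail closed: no silent fallback to host roots
		return nil, fmt.Errorf("%s: no PEM certificates found", caFile)
	}
	return pool, nil
}

// constructedCA returns a throwaway self-signed CA (constructed sample input).
func constructedCA() (*x509.Certificate, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "constructed CA"}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cert, caPEM := constructedCA()
	path := os.TempDir() + "/constructed-ca.pem"
	os.WriteFile(path, caPEM, 0600)
	defer os.Remove(path)
	pool, _ := loadCAPool(path)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	fmt.Println("verified against loaded pool:", err == nil)
}
```

A pool assigned to RootCAs is the whole trust store for that tls.Config, so a certificate from any CA not in the file fails verification.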