| //go:build !windows
| // +build !windows
|
| package tls
|
| import (
| "crypto/x509"
| "sync"
| )
|
// rootCertsCache memoizes the system certificate pool so that
// x509.SystemCertPool is not called again after the first successful load.
// The embedded mutex serializes access to pool.
type rootCertsCache struct {
	sync.Mutex
	// pool is nil until a load succeeds.
	pool *x509.CertPool
}

// load returns the cached system certificate pool, fetching it from
// x509.SystemCertPool on first use. A failed fetch is not cached, so the next
// call tries again.
//
// The returned pool is the cached instance itself, not a copy: adding
// certificates to it would change the trust anchors seen by every later
// caller of load, so callers should treat it as read-only.
func (c *rootCertsCache) load() (*x509.CertPool, error) {
	c.Lock()
	defer c.Unlock()

	if c.pool == nil {
		sys, err := x509.SystemCertPool()
		if err != nil {
			return nil, err
		}
		c.pool = sys
	}
	return c.pool, nil
}

// rootCerts is the package-wide cache of the system root pool.
var rootCerts rootCertsCache
|
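// getCertPool returns the certificate pool to use as trust anchors for this
// Config.
//
//   - DisableSystemRoot set: delegates to loadSelfCertPool with
//     Certificate_AUTHORITY_VERIFY; the system pool is not loaded here.
//   - No configured certificates: returns the shared, cached system pool from
//     rootCerts.load(). That pool is shared across callers and must not be
//     mutated.
//   - Otherwise: obtains a pool from x509.SystemCertPool (which hands back a
//     copy, so the appends below do not touch the cached pool) and appends
//     the PEM data of every configured certificate to it.
//
// An error is returned when the system pool cannot be loaded or when a
// configured certificate's PEM data yields no certificate.
func (c *Config) getCertPool() (*x509.CertPool, error) {
	if c.DisableSystemRoot {
		return c.loadSelfCertPool(Certificate_AUTHORITY_VERIFY)
	}

	if len(c.Certificate) == 0 {
		return rootCerts.load()
	}

	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, newError("system root").AtWarning().Base(err)
	}
	// NOTE(review): every entry in c.Certificate is added as a trust anchor
	// here, whereas the DisableSystemRoot branch asks specifically for
	// Certificate_AUTHORITY_VERIFY. Confirm that entries configured for other
	// purposes are not meant to be excluded from the verification pool.
	for _, cert := range c.Certificate {
		if !pool.AppendCertsFromPEM(cert.Certificate) {
			// err is known to be nil at this point, so there is no
			// underlying cause to attach to the error.
			return nil, newError("append cert to root").AtWarning()
		}
	}
	return pool, nil
}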
|
|