Version: v0.0.0-...-b94e044

This package is not in the latest version of its module.

Published: Dec 13, 2018 License: BSD-2-Clause Imports: 10 Imported by: 0



Package roots includes support for loading trusted roots from various sources.

The following trusted root sources are supported:

The "system" type does not take any metadata. It will use the default system certificates provided by the operating system.

The "cfssl" provider takes keys for the CFSSL "host", "label", and "profile", and loads the returned certificate into the trust store.

The "file" provider takes a source file (specified under the "source" key) that contains one or more certificates and adds them into the source tree.



var Providers = map[string]func(map[string]string) ([]*x509.Certificate, error){
	"system": system.New,
	"cfssl":  NewCFSSL,
	"file":   TrustPEM,
}

Providers is a mapping of supported providers and the functions that can build them.


func NewCFSSL

func NewCFSSL(metadata map[string]string) ([]*x509.Certificate, error)

NewCFSSL produces a new CFSSL root.

func TrustPEM

func TrustPEM(metadata map[string]string) ([]*x509.Certificate, error)

TrustPEM takes a source file containing one or more certificates and adds them to the trust store.
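
A file-based trust source should fail closed: the standard library's `CertPool.AppendCertsFromPEM` skips any certificate it cannot parse, so a damaged bundle can load with fewer roots than intended. The following is an added example, not this package's code; `parseRoots` and `constructedRootPEM` are hypothetical names, and the sample roots are generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// parseRoots is a hypothetical strict bundle parser (not the package's TrustPEM):
// a CERTIFICATE block that fails to parse, or an empty bundle, is an error.
func parseRoots(bundle []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // private keys and other PEM types are not trust anchors
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("root %d: %w", len(certs)+1, err)
		}
		certs = append(certs, cert)
	}
	if len(certs) == 0 {
		return nil, fmt.Errorf("no certificates in bundle")
	}
	return certs, nil
}

// constructedRootPEM returns a throwaway self-signed CA (constructed sample data).
func constructedRootPEM(cn string) ([]byte, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	a, _ := constructedRootPEM("Constructed Root A")
	b, _ := constructedRootPEM("Constructed Root B")
	certs, err := parseRoots(append(a, b...))
	fmt.Println(len(certs), err)
}
```

Malformed PEM armor is still skipped by `pem.Decode` itself, so comparing the number of loaded roots against the number expected remains a useful check.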


type TrustStore

type TrustStore struct {
	// contains filtered or unexported fields
}

A TrustStore contains a pool of certificates that are trusted for a given TLS configuration.

func New

func New(rootDefs []*core.Root) (*TrustStore, error)

New produces a new trusted root provider from a collection of roots. If there are no roots, the system roots will be used.

func (*TrustStore) Certificates

func (ts *TrustStore) Certificates() []*x509.Certificate

Certificates returns a slice of the loaded certificates.

func (*TrustStore) Pool

func (ts *TrustStore) Pool() *x509.CertPool

Pool returns a certificate pool containing the certificates loaded into the provider.

type Trusted

type Trusted interface {
	// Certificates returns a slice containing the certificates
	// that are loaded into the provider.
	Certificates() []*x509.Certificate

	// AddCert adds a new certificate into the certificate pool.
	AddCert(cert *x509.Certificate)

	// AddPEM adds one or more PEM-encoded certificates into the
	// certificate pool.
	AddPEM(cert []byte) bool
}

Trusted contains a store of trusted certificates.

