extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-03-13 14:18:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
3c3a454e61
netbird/util/embeddedroots/embeddedroots.go
hakansa 0125cd97d8
[client] use embedded root CA if system certpool is empty (#3272) 
* Implement custom TLS certificate handling with fallback to embedded roots
2025-02-04 18:17:59 +03:00

43 lines
814 B
Go
Raw Blame History

package embeddedroots
import (
"crypto/x509"
_ "embed"
"sync"
)
func Get() *x509.CertPool {
rootsVar.load()
return rootsVar.p
}
type roots struct {
once sync.Once
p *x509.CertPool
}
var rootsVar roots
func (r *roots) load() {
r.once.Do(func() {
p := x509.NewCertPool()
p.AppendCertsFromPEM([]byte(isrgRootX1RootPEM))
p.AppendCertsFromPEM([]byte(isrgRootX2RootPEM))
r.p = p
})
}
// Subject: O = Internet Security Research Group, CN = ISRG Root X1
// Key type: RSA 4096
// Validity: until 2030-06-04 (generated 2015-06-04)
//
//go:embed isrg-root-x1.pem
var isrgRootX1RootPEM string
// Subject: O = Internet Security Research Group, CN = ISRG Root X2
// Key type: ECDSA P-384
// Validity: until 2035-09-04 (generated 2020-09-04)
//
//go:embed isrg-root-x2.pem
var isrgRootX2RootPEM string
Reference in New Issue View Git Blame Copy Permalink