Any equivalent api for x509.SystemCertPool() to get caBundle #128

Open
srinivasvenu opened this issue Jul 4, 2019 · 2 comments

@srinivasvenu

Hi,
I could not find the API to generate the caBundle using the OpenSSL which I have currently in crypto/x509. The following are the APIs I know in crypto/x509 to generate the clientTls (tls.Config):

```go
// Option 1: start from the system trust store.
caBundle, err := x509.SystemCertPool()

// Option 2: build a pool from a PEM-encoded CA file.
caBundle = x509.NewCertPool()
caBundle.AppendCertsFromPEM(caFile)

clientTls := tls.Config{
	RootCAs:       caBundle,
	Renegotiation: tls.RenegotiateFreelyAsClient,
}
```

Any equivalent APIs to access OpenSSL instead of crypto/x509?

@srinivasvenu
Author

Does anybody have the answer to my query? Actually, I'm stuck with the implementation of my project at the last stage due to this unknown area.

@thepaul
Contributor

thepaul commented Jul 21, 2019

The simplest way to replace `x509.SystemCertPool` with something using OpenSSL is probably to copy the `loadSystemRoots()` functions from `src/crypto/x509/root_*.go` in the Go stdlib source, and change a few calls so that they use OpenSSL objects instead of `x509.CertPool`. For example, instead of `NewCertPool()` you might use `openssl.NewCertificateStore()`.
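
A starting point for the approach suggested above, as an added example (not code from this project, the Go standard library, or either commenter): it finds a system CA bundle, keeps only the `CERTIFICATE` blocks, and passes them to a loader callback, failing with an error rather than leaving the trust store empty. Assumptions: `bundleFiles`, `certsOnly` and `loadSystemRoots` are names made up here, the paths are common Linux bundle locations, and with the binding the `load` argument would be the PEM-loading method of the store returned by `openssl.NewCertificateStore()` (assumed here to be `LoadCertificatesFromPEM`).

```go
package main

import (
	"encoding/pem"
	"fmt"
	"os"
)

// bundleFiles lists common Linux CA bundle locations (assumed for this example).
var bundleFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt", // Debian, Ubuntu
	"/etc/pki/tls/certs/ca-bundle.crt",   // Fedora, RHEL
	"/etc/ssl/ca-bundle.pem",             // openSUSE
	"/etc/ssl/cert.pem",                  // Alpine
}

// certsOnly re-encodes just the header-less CERTIFICATE blocks of a PEM bundle.
func certsOnly(data []byte) (out []byte, n int) {
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" && len(b.Headers) == 0 {
			out = append(out, pem.EncodeToMemory(b)...)
			n++
		}
	}
	return out, n
}

// loadSystemRoots hands the first usable bundle to load and reports the file
// used and the number of certificates. No usable bundle is an error.
func loadSystemRoots(load func([]byte) error, files []string) (string, int, error) {
	for _, f := range files {
		data, err := os.ReadFile(f)
		certs, n := certsOnly(data)
		if err != nil || n == 0 {
			continue // unreadable or no certificates: try the next candidate
		}
		if err := load(certs); err != nil {
			return f, 0, fmt.Errorf("loading %s: %w", f, err)
		}
		return f, n, nil
	}
	return "", 0, fmt.Errorf("no usable CA bundle in %v", files)
}

func main() {
	// Stand-in loader so this runs without cgo; see the assumption above.
	load := func(pemCerts []byte) error { return nil }
	fmt.Println(loadSystemRoots(load, bundleFiles))
}
```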
