1 // 2 // Copyright (c) SAS Institute Inc. 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 package x509tools 18 19 import ( 20 "crypto/tls" 21 "crypto/x509" 22 "fmt" 23 "io/ioutil" 24 ) 25 26 // Load a certificate pool from a file and set it as the root CA for a TLS 27 // config. If path is empty then the system pool will be used. If the filename 28 // starts with + then both the system pool and the contents of the file will be 29 // used. 30 func LoadCertPool(path string, tconf *tls.Config) error { 31 if path == "" { 32 return nil 33 } else if path[0] == '+' { 34 pool, err := x509.SystemCertPool() 35 if err != nil { 36 return err 37 } 38 tconf.RootCAs = pool 39 path = path[1:] 40 } else { 41 tconf.RootCAs = x509.NewCertPool() 42 } 43 contents, err := ioutil.ReadFile(path) 44 if err != nil { 45 return err 46 } 47 if !tconf.RootCAs.AppendCertsFromPEM(contents) { 48 return fmt.Errorf("no CA certificates in %s", path) 49 } 50 return nil 51 } 52