一尘不染

Golang从哪里获取根CA?

go

crypto/tls.Config.RootCAs 状态

// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.

在Linux上,从哪里获得“主机的根CA集”? 我需要知道这一点,以便能够全局添加另一个要信任的根CA。


阅读 345

收藏
2020-07-02

共1个答案

一尘不染

它在以下位置搜索:https :
//golang.org/src/crypto/x509/root_linux.go

摘抄

// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

// Possible certificate files; stop after finding one.
var certFiles = []string{
    "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
    "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
    "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
    "/etc/pki/tls/cacert.pem",                           // OpenELEC
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
    "/etc/ssl/cert.pem",                                 // Alpine Linux
}
2020-07-02