package connect
import (
"crypto/tls"
"crypto/x509"
_ "embed"
"encoding/pem"
"fmt"
)
// The Let's Encrypt root CAs as published at https://letsencrypt.org/certificates/.
// Because the bundle is embedded at build time, a root added or retired by
// Let's Encrypt only takes effect here after net_tls_ca.pem is updated and the
// binary is rebuilt. This includes:
// - ISRG Root X1
// - ISRG Root X2
//
//go:embed net_tls_ca.pem
var tlsCaPem string
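// PinnedCertPool returns a certificate pool holding only the roots embedded
// from net_tls_ca.pem, intended for use as tls.Config.RootCAs.
//
// Every CERTIFICATE block in the bundle must parse. The previous
// AppendCertsFromPEM call reported success as soon as one certificate was
// accepted, so a corrupt or truncated second root would shrink the trust set
// silently and only surface once chains started landing on that root. A
// pinned trust store should fail closed at load time instead. Non-certificate
// PEM blocks (and blocks carrying headers) are skipped, matching the stdlib
// behavior. An error is returned if any certificate fails to parse or if the
// bundle yields no certificates at all.
func PinnedCertPool() (*x509.CertPool, error) {
	certPool := x509.NewCertPool()
	rest := []byte(tlsCaPem)
	loaded := 0
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		// Same filter as x509.CertPool.AppendCertsFromPEM: only bare CERTIFICATE blocks count.
		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			// Fail closed: a bundle that is partly unreadable is not the bundle we pinned.
			return nil, fmt.Errorf("parsing embedded ca cert %d: %w", loaded+1, err)
		}
		certPool.AddCert(cert)
		loaded++
	}
	if loaded == 0 {
		return nil, fmt.Errorf("Could not append ca certs")
	}
	return certPool, nil
}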
// DefaultTlsConfig builds the TLS client configuration for outbound
// connections: peer certificates must chain to one of the roots returned by
// PinnedCertPool, and the protocol floor is TLS 1.2.
//
// Setting RootCAs replaces the system trust store rather than extending it, so
// a server that moves to a CA outside the embedded bundle fails verification
// until this binary ships with an updated bundle. Pinning to a CA is not
// identity pinning: any certificate that CA issues for the dialed host name
// verifies, so the standard host-name check (ServerName, set by the dialer) is
// what ties the connection to a particular server. The error from
// PinnedCertPool is returned unchanged when the bundle cannot be loaded.
func DefaultTlsConfig() (*tls.Config, error) {
	roots, err := PinnedCertPool()
	if err != nil {
		return nil, err
	}
	cfg := new(tls.Config)
	cfg.RootCAs = roots
	cfg.MinVersion = tls.VersionTLS12
	return cfg, nil
}