crypto/tls.Config.RootCAs 状态
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
在 Linux 上,“主机的根 CA 集”是从哪里获取的?我需要知道这一点才能全局添加另一个根 CA 来信任。
Zty*_*tyx 32
它搜索以下位置:https : //golang.org/src/crypto/x509/root_linux.go
摘抄
// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package x509
// Possible certificate files; stop after finding one.
var certFiles = []string{
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/tls/cacert.pem", // OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
"/etc/ssl/cert.pem", // Alpine Linux
}
在 Golang 的最新版本中,除了上面提到的证书路径之外,Golang 还将搜索任何证书 PEM 的一组通用目录:
/etc/ssl/certs // SLES10/SLES11
/etc/pki/tls/certs // Fedora/RHEL
/system/etc/security/cacerts // Android
Linux 操作系统的路径定义如下: https: //golang.org/src/crypto/x509/root_linux.go。实际的证书查找和添加发生在此处:https ://golang.org/src/crypto/x509/root_unix.go 。
| 归档时间: |
|
| 查看次数: |
13778 次 |
| 最近记录: |