Add all root certificates by default on bootstrap methods.
parent
d296cf95a9
commit
6d3e8ed93c
2 changed files with 10 additions and 0 deletions
|
@ -87,6 +87,9 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Make sure the tlsConfig have all supported roots
|
||||||
|
options = append(options, AddRootsToClientCAs(), AddRootsToRootCAs())
|
||||||
|
|
||||||
tlsConfig, err := client.GetServerTLSConfig(ctx, sign, pk, options...)
|
tlsConfig, err := client.GetServerTLSConfig(ctx, sign, pk, options...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -130,6 +133,9 @@ func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Make sure the tlsConfig have all supported roots
|
||||||
|
options = append(options, AddRootsToRootCAs())
|
||||||
|
|
||||||
transport, err := client.Transport(ctx, sign, pk, options...)
|
transport, err := client.Transport(ctx, sign, pk, options...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
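Review bot: The new defaults are appended unconditionally after the caller's options, in BootstrapServer (`options = append(options, AddRootsToClientCAs(), AddRootsToRootCAs())`) and again in BootstrapClient, and nothing visible in these hunks lets a caller keep a narrower trust set. On the server side this means every root the CA returns becomes acceptable for client-certificate verification. If options are applied in slice order (not visible here), building a fresh slice with the defaults first, `opts := append([]TLSOption{AddRootsToClientCAs(), AddRootsToRootCAs()}, options...)`, would let caller-supplied options run last and would also avoid writing into the caller's backing array when a slice with spare capacity is passed variadically. Each option issues its own `c.Roots(tr)` request per the other file, so BootstrapServer now makes two roots calls and fails if either does; a comment at this line should say so. Both function bodies start and end outside the hunks.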
|
||||||
|
|
|
@ -95,6 +95,8 @@ func AddClientCA(cert *x509.Certificate) TLSOption {
|
||||||
// AddRootsToRootCAs does a roots request and adds to the tls.Config RootCAs all
|
// AddRootsToRootCAs does a roots request and adds to the tls.Config RootCAs all
|
||||||
// the certificates in the response. RootCAs defines the set of root certificate
|
// the certificates in the response. RootCAs defines the set of root certificate
|
||||||
// authorities that clients use when verifying server certificates.
|
// authorities that clients use when verifying server certificates.
|
||||||
|
//
|
||||||
|
// BootstrapServer and BootstrapClient methods include this option by default.
|
||||||
func AddRootsToRootCAs() TLSOption {
|
func AddRootsToRootCAs() TLSOption {
|
||||||
return func(c *Client, tr http.RoundTripper, config *tls.Config) error {
|
return func(c *Client, tr http.RoundTripper, config *tls.Config) error {
|
||||||
certs, err := c.Roots(tr)
|
certs, err := c.Roots(tr)
|
||||||
|
@ -115,6 +117,8 @@ func AddRootsToRootCAs() TLSOption {
|
||||||
// all the certificates in the response. ClientCAs defines the set of root
|
// all the certificates in the response. ClientCAs defines the set of root
|
||||||
// certificate authorities that servers use if required to verify a client
|
// certificate authorities that servers use if required to verify a client
|
||||||
// certificate by the policy in ClientAuth.
|
// certificate by the policy in ClientAuth.
|
||||||
|
//
|
||||||
|
// BootstrapServer method includes this option by default.
|
||||||
func AddRootsToClientCAs() TLSOption {
|
func AddRootsToClientCAs() TLSOption {
|
||||||
return func(c *Client, tr http.RoundTripper, config *tls.Config) error {
|
return func(c *Client, tr http.RoundTripper, config *tls.Config) error {
|
||||||
certs, err := c.Roots(tr)
|
certs, err := c.Roots(tr)
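Review bot: The added doc line calls BootstrapServer and BootstrapClient "methods", while the hunk headers in the other file show them as package-level functions, and it does not say what the default means for trust. On AddRootsToRootCAs I would write `// BootstrapServer and BootstrapClient add this option by default, so the resulting tls.Config trusts every root the CA returns.`, with the matching sentence for ClientCAs on AddRootsToClientCAs. Both function bodies continue outside the hunks.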
|
||||||
|
|