
Commit 9fdafef

committed
feat: add support for adding ca certs locally
1 parent 0a0cd52 commit 9fdafef


3 files changed

+36
-12
lines changed


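--- a/cmd/main.go
+++ b/cmd/main.go
@@ -2,13 +2,14 @@ package main
 
 import (
 "flag"
+"os"
+"os/signal"
+"syscall"
+
 "github.com/armbian/redirector"
 "github.com/armbian/redirector/util"
 log "github.com/sirupsen/logrus"
 "github.com/spf13/viper"
-"os"
-"os/signal"
-"syscall"
 )
 
 var (
@@ -64,7 +65,7 @@ func main() {
 
 log.Info("Updating root certificates")
 
-certs, err := util.LoadCACerts()
+certs, err := util.LoadCACerts(config.CertDataPath)
 
 if err != nil {
 log.WithError(err).Error("Unable to load certificates")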
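Review bot: The `log.Info("Updating root certificates")` line ahead of `util.LoadCACerts(config.CertDataPath)` does not record which source the roots come from, so the logs cannot show whether a local file or the Mozilla download supplied the trust anchors. Since an empty `CertDataPath` silently selects the network fetch, I would log the choice, for example `log.WithField("certDataPath", config.CertDataPath).Info("Updating root certificates")`. The error branch of this call continues outside the hunk.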

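--- a/config.go
+++ b/config.go
@@ -28,6 +28,10 @@ type Config struct {
 // GeoDBPath is the path to the MaxMind GeoLite2 City DB.
 GeoDBPath string `mapstructure:"geodb"`
 
+// CertDataPath is the path to fetch CA certs from system.
+// If empty, CAs will be fetched from Mozilla directly.
+CertDataPath string `mapstructure:"certDataPath"`
+
 // ASNDBPath is the path to the GeoLite2 ASN DB.
 ASNDBPath string `mapstructure:"asndb"`
 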
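Review bot: The comment on `CertDataPath` says the path is used "to fetch CA certs from system", which reads as if a system PEM bundle were accepted. In this commit the file goes to `certparse.ReadTrustedCerts`, which presumably expects Mozilla's certdata.txt format. I would reword it to `// CertDataPath is the path to a local copy of Mozilla's certdata.txt; if empty, certdata.txt is downloaded from Mozilla at runtime.` It is also worth a sentence noting that this file defines the trusted roots, so it should be writable only by whoever administers the service.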

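--- a/util/certificates.go
+++ b/util/certificates.go
@@ -1,27 +1,46 @@
 package util
 
 import (
+"bytes"
 "crypto/x509"
+"io"
+"net/http"
+"os"
+
 "github.com/gwatts/rootcerts/certparse"
 log "github.com/sirupsen/logrus"
-"net/http"
 )
 
 const (
 defaultDownloadURL = "https://raw.githubusercontent.com/mozilla/gecko-dev/refs/heads/master/security/nss/lib/ckfw/builtins/certdata.txt"
 )
 
 // LoadCACerts loads the certdata from Mozilla and parses it into a CertPool.
-func LoadCACerts() (*x509.CertPool, error) {
-res, err := http.Get(defaultDownloadURL)
+func LoadCACerts(certPath string) (*x509.CertPool, error) {
+var certContents io.Reader
 
-if err != nil {
-return nil, err
-}
+if certPath != "" {
+res, err := os.ReadFile(certPath)
+
+if err != nil {
+return nil, err
+}
+
+certContents = io.NopCloser(bytes.NewReader(res))
+} else {
 
-defer res.Body.Close()
+res, err := http.Get(defaultDownloadURL)
+
+if err != nil {
+return nil, err
+}
+
+defer res.Body.Close()
+
+certContents = res.Body
+}
 
-certs, err := certparse.ReadTrustedCerts(res.Body)
+certs, err := certparse.ReadTrustedCerts(certContents)
 
 if err != nil {
 return nil, err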
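Review bot: In the `else` branch the body returned by `http.Get(defaultDownloadURL)` is passed to `certparse.ReadTrustedCerts` without checking `res.StatusCode`, and `http.Get` uses the default client, which has no timeout. Because this data becomes the root pool, a non-200 response should be rejected before parsing, e.g. `if res.StatusCode != http.StatusOK { return nil, fmt.Errorf("fetching certdata: unexpected status %s", res.Status) }` (this needs `fmt` imported). In the file branch `io.NopCloser` is unnecessary since `certContents` is an `io.Reader`; `certContents = bytes.NewReader(res)` is enough. The doc comment still says the data is loaded "from Mozilla" and should mention `certPath`; the function continues past the end of the hunk.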
