3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-26 14:38:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

bugfixes

Browse source
This commit is contained in:
Joe Kralicky 2024-11-04 14:02:40 -05:00
parent 85f06ab36b
commit bfd7cf73b3
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
9 changed files with 43 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pkg/cryptutil/tls.go
View file

@ -1,7 +1,6 @@
package cryptutil
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/base64"
@ -15,10 +14,9 @@ import (
// GetCertPool gets a cert pool for the given CA or CAFile.
func GetCertPool(ca, caFile string) (*x509.CertPool, error) {
ctx := context.TODO()
rootCAs, err := x509.SystemCertPool()
if err != nil {
log.Ctx(ctx).Error().Err(err).Msg("pkg/cryptutil: failed getting system cert pool making new one")
log.Error().Err(err).Msg("pkg/cryptutil: failed getting system cert pool making new one")
rootCAs = x509.NewCertPool()
}
if ca == "" && caFile == "" {
@ -40,7 +38,9 @@ func GetCertPool(ca, caFile string) (*x509.CertPool, error) {
if ok := rootCAs.AppendCertsFromPEM(data); !ok {
return nil, fmt.Errorf("failed to append any PEM-encoded certificates")
}
log.Ctx(ctx).Debug().Msg("pkg/cryptutil: added custom certificate authority")
if !log.DebugDisableGlobalMessages.Load() {
log.Debug().Msg("pkg/cryptutil: added custom certificate authority")
}
return rootCAs, nil
}