envoy: implement policy TLS options (#724)

* envoy: implement policy TLS options * fix tests * log which CAs are being used
2025-05-20 04:27:19 +02:00 · 2020-05-18 16:52:51 -06:00 · 2020-05-18 16:52:51 -06:00 · e854cfe83b
commit e854cfe83b
parent e24e026ffc
10 changed files with 258 additions and 161 deletions
--- a/internal/cryptutil/certificates.go
+++ b/internal/cryptutil/certificates.go
@ -11,7 +11,6 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"math/big"
 	"net"
 	"time"
@ -38,33 +37,6 @@ func CertificateFromFile(certFile, keyFile string) (*tls.Certificate, error) {
 	return &cert, err
 }

-// CertPoolFromBase64 takes a base64 encoded string and returns a new
-// X509 certificate pool.
-func CertPoolFromBase64(encPemCerts string) (*x509.CertPool, error) {
-	b, err := base64.StdEncoding.DecodeString(encPemCerts)
-	if err != nil {
-		return nil, fmt.Errorf("couldn't decode pem %v: %w", b, err)
-	}
-	return bytesToCertPool(b)
-}
-
-// CertPoolFromFile reads a file and returns an X509 certificate pool.
-func CertPoolFromFile(pemFile string) (*x509.CertPool, error) {
-	b, err := ioutil.ReadFile(pemFile)
-	if err != nil {
-		return nil, err
-	}
-	return bytesToCertPool(b)
-}
-
-func bytesToCertPool(b []byte) (*x509.CertPool, error) {
-	certPool := x509.NewCertPool()
-	if ok := certPool.AppendCertsFromPEM(b); !ok {
-		return nil, fmt.Errorf("could append certs from PEM")
-	}
-	return certPool, nil
-}
-
 // DecodePublicKey decodes a PEM-encoded ECDSA public key.
 func DecodePublicKey(encodedKey []byte) (*ecdsa.PublicKey, error) {
 	block, _ := pem.Decode(encodedKey)