Fix #635: Support specifying alternative provider TLS trust source(s) (#645)

* Fix #635: Support specifying alternative provider TLS trust source(s) * Update pkg/apis/options/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/validation/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Address review comments * upd CHANGELOG.md * refactor test to assert textual subjects + add openssl gen cmd Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2025-08-08 22:46:33 +02:00 · 2020-07-03 16:09:17 +01:00
parent 390d479d28
commit b0375e85fa
7 changed files with 163 additions and 18 deletions
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@ -0,0 +1,24 @@
+package util
+
+import (
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+)
+
+func GetCertPool(paths []string) (*x509.CertPool, error) {
+	if len(paths) == 0 {
+		return nil, fmt.Errorf("invalid empty list of Root CAs file paths")
+	}
+	pool := x509.NewCertPool()
+	for _, path := range paths {
+		data, err := ioutil.ReadFile(path)
+		if err != nil {
+			return nil, fmt.Errorf("certificate authority file (%s) could not be read - %s", path, err)
+		}
+		if !pool.AppendCertsFromPEM(data) {
+			return nil, fmt.Errorf("loading certificate authority (%s) failed", path)
+		}
+	}
+	return pool, nil
+}