mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-10 04:18:14 +02:00
b0375e85fa
* Fix #635: Support specifying alternative provider TLS trust source(s) * Update pkg/apis/options/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/validation/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Address review comments * upd CHANGELOG.md * refactor test to assert textual subjects + add openssl gen cmd Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
25 lines
569 B
Go
25 lines
569 B
Go
package util
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
)
|
|
|
|
func GetCertPool(paths []string) (*x509.CertPool, error) {
|
|
if len(paths) == 0 {
|
|
return nil, fmt.Errorf("invalid empty list of Root CAs file paths")
|
|
}
|
|
pool := x509.NewCertPool()
|
|
for _, path := range paths {
|
|
data, err := ioutil.ReadFile(path)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("certificate authority file (%s) could not be read - %s", path, err)
|
|
}
|
|
if !pool.AppendCertsFromPEM(data) {
|
|
return nil, fmt.Errorf("loading certificate authority (%s) failed", path)
|
|
}
|
|
}
|
|
return pool, nil
|
|
}
|