
Any equivalent api for x509.SystemCertPool() to get caBundle

Open srinivasvenu opened this issue 6 years ago • 2 comments

Hi, I could not find the API to generate the caBundle using openssl, which I currently have in crypto/x509. The following are the APIs I know in crypto/x509 to generate the clientTls (tls.Config):

```go
caBundle, err := x509.SystemCertPool()
// or
caBundle = x509.NewCertPool()
caBundle.AppendCertsFromPEM(caFile)

clientTls := tls.Config{
	RootCAs:       caBundle,
	Renegotiation: tls.RenegotiateFreelyAsClient,
}
```

Any equivalent APIs to access openssl instead of crypto/x509?

srinivasvenu, Jul 04 '19 13:07

Does anybody have the answer to my query? Actually, I'm stuck with the implementation of my project at the last stage due to this unknown area.

srinivasvenu, Jul 05 '19 05:07

The simplest way to replace x509.SystemCertPool with something using OpenSSL is probably to copy the loadSystemRoots() functions from src/crypto/x509/root_*.go in the Go stdlib source, and change a few calls so that they use OpenSSL objects instead of x509.CertPool. For example, instead of NewCertPool() you might use openssl.NewCertificateStore().

thepaul, Jul 21 '19 20:07