Skip to content

(Go Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.

License

Notifications You must be signed in to change notification settings

certifi/gocertifi

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GoCertifi: SSL Certificates for Golang

This Go package contains a CA bundle that you can reference in your Go code. This is useful for systems that do not have CA bundles that Golang can find itself, or where a uniform set of CAs is valuable.

This is the same CA bundle that ships with the Python Requests library, and is a Golang specific port of certifi. The CA bundle is derived from Mozilla's canonical set.

Usage

You can use the gocertifi package as follows:

import "github.com/certifi/gocertifi"

certPool, err := gocertifi.CACerts()

You can use the returned *x509.CertPool as part of an HTTP transport, for example:

import (
	"net/http"
	"crypto/tls"
)

// Setup an HTTP client with a custom transport
transport := &http.Transport{
	Proxy: ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}).DialContext,
	ForceAttemptHTTP2:     true,
	MaxIdleConns:          100,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}
// or, starting with go1.13 simply use:
// transport := http.DefaultTransport.(*http.Transport).Clone()

transport.TLSClientConfig = &tls.Config{RootCAs: certPool}
client := &http.Client{Transport: transport}

// Make an HTTP request using our custom transport
resp, err := client.Get("https://example.com")

Detailed Documentation

Import as follows:

import "github.com/certifi/gocertifi"

Functions

func CACerts() (*x509.CertPool, error)

CACerts builds an X.509 certificate pool containing the Mozilla CA Certificate bundle. This can't actually error and always returns successfully with nil as the error. This will be replaced in v2 to only return the CertPool.

About

(Go Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages