feat: add support for adding ca certs locally
@@ -2,13 +2,14 @@ package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
|
||||
"github.com/armbian/redirector"
|
||||
"github.com/armbian/redirector/util"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/spf13/viper"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -64,7 +65,7 @@ func main() {
|
||||
|
||||
log.Info("Updating root certificates")
|
||||
|
||||
certs, err := util.LoadCACerts()
|
||||
certs, err := util.LoadCACerts(config.CertDataPath)
|
||||
|
||||
if err != nil {
|
||||
log.WithError(err).Error("Unable to load certificates")
|
||||
|
||||
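Review bot: The startup line `log.Info("Updating root certificates")` does not tell an operator which trust source was used, now that `util.LoadCACerts(config.CertDataPath)` can read a local file instead of the Mozilla download. Because this setting decides which CAs the process trusts, I would record it, e.g. `log.WithField("certDataPath", config.CertDataPath).Info("Updating root certificates")`, and attach the same field to the `Unable to load certificates` error. main() starts and ends outside this hunk, so what happens after the failure branch is not visible here.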
@@ -28,6 +28,10 @@ type Config struct {
|
||||
// GeoDBPath is the path to the MaxMind GeoLite2 City DB.
|
||||
GeoDBPath string `mapstructure:"geodb"`
|
||||
|
||||
// CertDataPath is the path to fetch CA certs from system.
|
||||
// If empty, CAs will be fetched from Mozilla directly.
|
||||
CertDataPath string `mapstructure:"certDataPath"`
|
||||
|
||||
// ASNDBPath is the path to the GeoLite2 ASN DB.
|
||||
ASNDBPath string `mapstructure:"asndb"`
|
||||
|
||||
|
||||
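Review bot: The new doc comment on `CertDataPath` does not say what format the file must be in, and "from system" reads as if an OS certificate bundle would work. The value is passed to `certparse.ReadTrustedCerts` in util, the same parser used for the Mozilla download, so the file presumably has to be in Mozilla certdata format rather than a PEM bundle; this is worth confirming and stating. Suggested wording: `// CertDataPath is the path to a local file in Mozilla certdata format to load CA certs from.` and `// The file defines the trusted roots, so it should be writable only by the operator.`, keeping the existing "If empty" line after them.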
@@ -1,10 +1,14 @@
|
||||
package util
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
|
||||
"github.com/gwatts/rootcerts/certparse"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -12,16 +16,31 @@ const (
|
||||
)
|
||||
|
||||
// LoadCACerts loads the certdata from Mozilla and parses it into a CertPool.
|
||||
func LoadCACerts() (*x509.CertPool, error) {
|
||||
res, err := http.Get(defaultDownloadURL)
|
||||
func LoadCACerts(certPath string) (*x509.CertPool, error) {
|
||||
var certContents io.Reader
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
if certPath != "" {
|
||||
res, err := os.ReadFile(certPath)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
certContents = io.NopCloser(bytes.NewReader(res))
|
||||
} else {
|
||||
|
||||
res, err := http.Get(defaultDownloadURL)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
certContents = res.Body
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
certs, err := certparse.ReadTrustedCerts(res.Body)
|
||||
certs, err := certparse.ReadTrustedCerts(certContents)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
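Review bot: In the download branch of `LoadCACerts`, `res.StatusCode` is never checked, so a non-200 body (an error page, a proxy interstitial) from `http.Get(defaultDownloadURL)` is handed to `certparse.ReadTrustedCerts` as if it were certdata; what the parser does with such input is not visible here. I would reject it before assigning the reader: `if res.StatusCode != http.StatusOK { return nil, fmt.Errorf("fetching certdata: unexpected status %s", res.Status) }`, which needs `fmt` added to the import block. In the file branch, `io.NopCloser(bytes.NewReader(res))` can be just `bytes.NewReader(res)`, since `certContents` is an `io.Reader` and nothing closes it. The function continues past the end of the hunk, so how the pool is built from `certs` is not shown.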