This pull request exposes RootCAs transport option to a user and allows the user to set their own root certificate bundle.
Motivation:
this should simplify work with services that use self-signed certificates. At the moment it is only possible if SSL certificate verification is skipped completely (insecureSkipVerify option)
some of the web servers do not provide full certificate chain, which often results in "unknown certificate authority" error. Browsers normally request the missing certificates themselves, however go's http client doesn't. One workaround would be to generate your own certificate bundle which includes both root CAs and intermidiate CAs
Details:
In this pr I made RootCAs a part of TransportOptions struct, which makes sense because it is a transport option. However, a similar insecureSkipVerify option is assigned as HttpClientOption. Should RootCAs be also assigned in a similar way as insecureSkipVerify? :thinking:
This pull request exposes RootCAs transport option to a user and allows the user to set their own root certificate bundle.
Motivation:
Details: In this pr I made
RootCAs
a part ofTransportOptions
struct, which makes sense because it is a transport option. However, a similarinsecureSkipVerify
option is assigned asHttpClientOption
. Should RootCAs be also assigned in a similar way asinsecureSkipVerify
? :thinking: