Switch from bremcl/rootcerts to x/crypto/x509roots

gokrazy / tools

this repository contains the gok CLI tool of gokrazy

https://gokrazy.org

BSD 3-Clause "New" or "Revised" License

50 stars 28 forks source link

Switch from bremcl/rootcerts to x/crypto/x509roots #59

Open stapelberg opened 1 year ago

stapelberg commented 1 year ago

We first need to add a Bundle() accessor to the x509roots/fallback package, then we can dump the certificates (in internal/packer/cacerts.go) like so:

    b := new(bytes.Buffer)
    for _, cert := range fallback.Bundle() {
        fmt.Fprintf(b, "# %s\n# %x\n", cert.Subject.String(), sha256.Sum256(cert.Raw))
        pem.Encode(b, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
    }

    return string(b.Bytes()), nil