* Added flags to point to TLS PEM files to use for exposing and connecting to an encrypted remote API socket with server and client authentication. * Added TLS fields for system connection ls templates. * Added special "tls" format for system connection ls to list TLS fields in human-readable table format. * Updated remote integration and system tests to allow specifying a "transport" to run the full suite against a unix, tcp, tls, or mtls system service. * Added system tests to verify basic operation of unix, tcp, tls, and mtls services, clients, and connections. Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
package tlsutil
import (
	"bytes"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
)
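// ReadCertBundle reads the PEM file at path and returns a pool holding every
// CERTIFICATE block it contains, in file order.
//
// Text before a BEGIN line (bundle comments, issuer descriptions) is skipped
// by the PEM decoder, and whitespace after the final END line is tolerated.
// Anything else is an error that names path: trailing non-PEM data, a block
// whose type is not CERTIFICATE, or a CERTIFICATE block whose DER body does
// not parse (reported with its zero-based item index).
//
// An empty file yields an empty, non-nil pool and no error. Used as RootCAs
// or ClientCAs such a pool trusts nothing, so callers that require at least
// one anchor must check for that themselves.
func ReadCertBundle(path string) (*x509.CertPool, error) {
	caPEM, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("reading cert bundle %s: %w", path, err)
	}

	pool := x509.NewCertPool()
	// A trailing newline or two after the last END line is common in
	// hand-edited and concatenated bundles; pem.Decode returns nil for a
	// whitespace-only remainder, which would otherwise be reported as
	// non-PEM data. TrimSpace only inspects the ends, so this stays cheap.
	for ix := 0; len(bytes.TrimSpace(caPEM)) != 0; ix++ {
		var block *pem.Block
		block, caPEM = pem.Decode(caPEM)
		if block == nil {
			return nil, fmt.Errorf("reading cert bundle %s: non-PEM data found", path)
		}
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("reading cert bundle %s: non-certificate type `%s` PEM data found", path, block.Type)
		}
		caCert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("reading cert bundle %s: parsing item %d: %w", path, ix, err)
		}
		pool.AddCert(caCert)
	}
	return pool, nil
}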