Set RootCAs to nil in default case. #92

errm · 2019-03-15T14:45:25Z

Currently we create an empty CA store, which is not a very useful
default.

The documentation for cryto/tls#Config says:

If RootCAs is nil, TLS uses the host's root CA set.

I want to use this with confluent cloud, that is using certificates
signed by a proper root CA. So loading the system CAs makes everything
work properly just by enabling tls --tls.enabled

Currently we create an empty CA store, which is not a very useful default. The documentation for [cryto/tls#Config](https://godoc.org/crypto/tls#Config) says: > If RootCAs is nil, TLS uses the host's root CA set. I want to use this with confluent cloud, that is using certificates signed by a proper root CA. So loading the system CAs makes everything work properly just by enabling tls `--tls.enabled`

errm · 2023-01-09T10:55:22Z

📝 @danielqsj ... this is still an issue... any chance you could review this PR?

danielqsj · 2023-01-09T11:22:27Z

@errm sorry, I miss this. LGTM, thanks~

walterwanderley mentioned this pull request Dec 8, 2021

Load SystemCertPool if CAFile is not provided #285

Closed

errm force-pushed the host-root-cas branch from 65331a8 to 3852615 Compare January 9, 2023 10:52

danielqsj merged commit 9d9cd65 into danielqsj:master Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set RootCAs to nil in default case. #92

Set RootCAs to nil in default case. #92

errm commented Mar 15, 2019

errm commented Jan 9, 2023

danielqsj commented Jan 9, 2023

Set RootCAs to nil in default case. #92

Set RootCAs to nil in default case. #92

Conversation

errm commented Mar 15, 2019

errm commented Jan 9, 2023

danielqsj commented Jan 9, 2023