xfy
96bd4b0ed5
将 LoadCACertPool 和 LoadCertPool 函数提取到独立的 sslutil 包, 消除 ssl 和 stream 模块中的重复实现。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
57 lines
1.4 KiB
Go
57 lines
1.4 KiB
Go
// Package sslutil provides SSL/TLS utility functions.
|
|
package sslutil
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
)
|
|
|
|
// LoadCertPool loads a certificate pool from a file.
|
|
// Supports PEM format certificate files that may contain multiple certificates.
|
|
//
|
|
// Parameters:
|
|
// - certFile: Certificate file path
|
|
// - context: Context description for error messages
|
|
//
|
|
// Returns:
|
|
// - *x509.CertPool: Certificate pool
|
|
// - error: Returns error if loading fails
|
|
func LoadCertPool(certFile string, context string) (*x509.CertPool, error) {
|
|
data, err := os.ReadFile(certFile)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to read certificate file: %w", err)
|
|
}
|
|
|
|
pool := x509.NewCertPool()
|
|
if !pool.AppendCertsFromPEM(data) {
|
|
return nil, fmt.Errorf("failed to parse certificates from %s", certFile)
|
|
}
|
|
|
|
return pool, nil
|
|
}
|
|
|
|
// LoadCACertPool loads a CA certificate pool from a file.
|
|
// This is a convenience function for loading CA certificates.
|
|
//
|
|
// Parameters:
|
|
// - caFile: CA certificate file path
|
|
//
|
|
// Returns:
|
|
// - *x509.CertPool: CA certificate pool
|
|
// - error: Returns error if loading fails
|
|
func LoadCACertPool(caFile string) (*x509.CertPool, error) {
|
|
data, err := os.ReadFile(caFile)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to read CA file: %w", err)
|
|
}
|
|
|
|
caPool := x509.NewCertPool()
|
|
if !caPool.AppendCertsFromPEM(data) {
|
|
return nil, errors.New("failed to parse CA certificates")
|
|
}
|
|
|
|
return caPool, nil
|
|
}
|