github.com/EagleQL/Xray-core@v1.4.3/transport/internet/tls/config_other.go (about)

     1  // +build !windows
     2  
     3  package tls
     4  
     5  import (
     6  	"crypto/x509"
     7  	"sync"
     8  )
     9  
// rootCertsCache memoizes the operating system's root certificate pool so
// that it is loaded at most once per successful read.
type rootCertsCache struct {
	// The embedded mutex serializes access to pool.
	sync.Mutex
	// pool stays nil until x509.SystemCertPool has succeeded once.
	pool *x509.CertPool
}

// load returns the cached system certificate pool, fetching it through
// x509.SystemCertPool on first use. A failed fetch is returned to the caller
// and is not cached, so the next call tries again.
//
// Every caller receives the same *x509.CertPool. Adding certificates to the
// returned pool would widen the trust set for every later caller, so it has
// to be treated as read-only.
func (c *rootCertsCache) load() (*x509.CertPool, error) {
	c.Lock()
	defer c.Unlock()

	if c.pool == nil {
		sysPool, err := x509.SystemCertPool()
		if err != nil {
			return nil, err
		}
		c.pool = sysPool
	}
	return c.pool, nil
}

// rootCerts is the package-wide cache used by getCertPool when a Config adds
// no certificates of its own.
var rootCerts rootCertsCache
    32  
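// getCertPool returns the root CA pool used to verify peer certificates for
// this Config. There are three cases:
//
//   - DisableSystemRoot is set: the result comes from loadSelfCertPool
//     (defined elsewhere in the package).
//   - No certificates are configured: the shared, cached system pool from
//     rootCerts is returned. That pool is shared between callers and must
//     not be modified.
//   - Otherwise: a private copy of the system pool with every entry of
//     c.Certificate appended.
//
// NOTE(review): every entry of c.Certificate becomes a trusted root here,
// whatever the entry is configured for. Confirm that entries meant only for
// serving or issuing are not supposed to be kept out of the trust set.
func (c *Config) getCertPool() (*x509.CertPool, error) {
	if c.DisableSystemRoot {
		return c.loadSelfCertPool()
	}

	if len(c.Certificate) == 0 {
		return rootCerts.load()
	}

	// x509.SystemCertPool returns a copy, so the certificates appended below
	// stay local to this pool and never reach the cached one in rootCerts.
	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, newError("system root").AtWarning().Base(err)
	}
	for _, cert := range c.Certificate {
		// AppendCertsFromPEM reports success when at least one certificate in
		// the PEM data parsed; malformed blocks next to a valid one are
		// skipped without any error.
		if !pool.AppendCertsFromPEM(cert.Certificate) {
			// err is always nil at this point, so there is no cause to attach.
			return nil, newError("append cert to root").AtWarning()
		}
	}
	return pool, nil
}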
    51  	return pool, err
    52  }