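// Source: github.com/xraypb/xray-core@v1.6.6/transport/internet/tls/config_other.go

//go:build !windows
// +build !windows

package tls

import (
	"crypto/x509"
	"sync"
)

// rootCertsCache memoizes the system root certificate pool so that it is
// loaded at most once per successful call. The embedded mutex serializes
// access to pool.
type rootCertsCache struct {
	sync.Mutex
	pool *x509.CertPool
}

// load returns the cached system root pool, loading it with
// x509.SystemCertPool on first use. A failed load is not cached, so the next
// call tries again.
//
// The returned pool is the same pointer for every caller. Treat it as
// read-only: appending a certificate to it would extend the trust anchors of
// every other user of the cache.
func (c *rootCertsCache) load() (*x509.CertPool, error) {
	c.Lock()
	defer c.Unlock()

	if c.pool != nil {
		return c.pool, nil
	}

	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, err
	}
	c.pool = pool
	return pool, nil
}

// rootCerts is the process-wide cache of the unmodified system root pool.
var rootCerts rootCertsCache

// getCertPool builds the root pool used for verifying peer certificates
// under this Config.
//
//   - With DisableSystemRoot set, the result comes from loadSelfCertPool
//     (defined elsewhere in the package) and the system roots are not read
//     here.
//   - With no configured certificates, the shared cached system pool is
//     returned; callers must not modify it.
//   - Otherwise a fresh pool is requested from x509.SystemCertPool and every
//     configured certificate is appended to it. The cache is deliberately
//     bypassed so the shared pool never receives per-config certificates.
//
// NOTE(review): every entry in c.Certificate becomes a trust anchor here; no
// filtering of entries is visible in this function. Confirm that entries
// meant only as a local identity (leaf/key pairs) are not expected to be
// excluded from the verification roots.
func (c *Config) getCertPool() (*x509.CertPool, error) {
	if c.DisableSystemRoot {
		return c.loadSelfCertPool()
	}

	if len(c.Certificate) == 0 {
		return rootCerts.load()
	}

	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, newError("system root").AtWarning().Base(err)
	}
	for _, cert := range c.Certificate {
		// AppendCertsFromPEM reports only success or failure, so there is no
		// underlying error to attach. The original passed err here, which is
		// always nil at this point.
		if !pool.AppendCertsFromPEM(cert.Certificate) {
			return nil, newError("append cert to root").AtWarning()
		}
	}
	return pool, nil
}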