On Thu, 15 Dec 2016 16:35:09 +0000 Alex Flint <alex.fl...@gmail.com> wrote:
> Does anyone know of a golang package that embeds (go-bindata or > similar) a reasonable standard set of CA roots? Ideally such a > package would provide a ready-to-use http.Client. > > For context, I'm building minimal docker images containing go > binaries that need to make https connections to some third party APIs. In such context, why would you need that? Every sensible GNU/Linux-based OS ships a package containing such list of CA certificates, and Go built for GOOS=linux knows how to find those certs in a set of standard places. Sure, one problem with this is that the list is opinionated; on the other hand, the list of your imaginary package would be opinionated as well. On the other hand, whatever list is shipped with your base OS gets security updates and also updates which merely bring the list up-to-date (just like the time-zone information package(s)). So I'd just rely on the underlying OS. In Debian and it's derivatives it's named "ca-certificates". -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.