I'm working with busybox, which does not ship with CA roots. On Sat, Dec 17, 2016 at 12:26 AM Konstantin Khomoutov < flatw...@users.sourceforge.net> wrote:
> On Thu, 15 Dec 2016 16:35:09 +0000 > Alex Flint <alex.fl...@gmail.com> wrote: > > > Does anyone know of a golang package that embeds (go-bindata or > > similar) a reasonable standard set of CA roots? Ideally such a > > package would provide a ready-to-use http.Client. > > > > For context, I'm building minimal docker images containing go > > binaries that need to make https connections to some third party APIs. > > In such context, why would you need that? Every sensible > GNU/Linux-based OS ships a package containing such list of CA > certificates, and Go built for GOOS=linux knows how to find those certs > in a set of standard places. > > Sure, one problem with this is that the list is opinionated; on the > other hand, the list of your imaginary package would be opinionated as > well. On the other hand, whatever list is shipped with your base OS > gets security updates and also updates which merely bring the list > up-to-date (just like the time-zone information package(s)). > > So I'd just rely on the underlying OS. > In Debian and it's derivatives it's named "ca-certificates". > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
