Merge pull request #7 from stapelberg/embedded

Make available the CA certificates via separate package
breml · Nov 19, 2021 · f07ec0c · f07ec0c
2 parents ca8d6f8 + 7ca0017
commit f07ec0c
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 5 deletions.
diff --git a/data.go → embedded/data.go b/data.go → embedded/data.go
diff --git a/embedded/embedded.go b/embedded/embedded.go
@@ -0,0 +1,12 @@
+// Package embedded makes available the "Mozilla Included CA Certificate List"
+// without any side-effects (unlike package rootcerts).
+package embedded
+
+// MozillaCACertificatesPEM returns "Mozilla Included CA Certificate List"
+// (https://wiki.mozilla.org/CA/Included_Certificates) in PEM format.
+//
+// Use of these certificates is governed by Mozilla Public License 2.0
+// that can be found in the LICENSE.certificates file.
+func MozillaCACertificatesPEM() string {
+	return data
+}
diff --git a/generate_data.go b/generate_data.go
@@ -1,3 +1,4 @@
+//go:build ignore
 // +build ignore
 
 // This program generates data.go from Mozilla Included CA Certificate List.
@@ -25,7 +26,7 @@ const header = `// Code generated by generate_data. DO NOT EDIT.
 // Use of these certificates is governed by Mozilla Public License 2.0
 // that can be found in the LICENSE.certificates file.
 
-package rootcerts
+package embedded
 
 const data = `
 
@@ -43,7 +44,7 @@ func main() {
 
 	data = bytes.ReplaceAll(data, []byte("\r"), []byte{})
 
-	of, err := os.Create("data.go")
+	of, err := os.Create("embedded/data.go")
 	if err != nil {
 		fail("error creating data.go: %v", err)
 	}

diff --git a/rootcerts.go b/rootcerts.go
@@ -26,6 +26,8 @@ import (
 	"crypto/x509"
 	"os"
 	_ "unsafe" // for go:linkname
+
+	"github.com/breml/rootcerts/embedded"
 )
 
 const forceEnableEnvVar = "GO_ROOTCERTS_ENABLE"
@@ -42,7 +44,6 @@ func init() {
 	}
 
 	roots := x509.NewCertPool()
-	d := data
-	roots.AppendCertsFromPEM([]byte(d))
+	roots.AppendCertsFromPEM([]byte(embedded.MozillaCACertificatesPEM()))
 	systemRoots = roots
 }