i11th/opera-proxy
1
0
Fork 0
mirror of https://github.com/Alexey71/opera-proxy.git synced 2026-05-14 06:30:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

use bundled certs for proxy endpoint

Browse Source
This commit is contained in:
Vladislav Yarmak
2026-01-08 21:34:17 +02:00
parent ae89a49e2a
commit d40fcbd30e
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
main.go
+15 -2
View File
@@ -31,6 +31,7 @@ import (
se "github.com/Snawoot/opera-proxy/seclient" se "github.com/Snawoot/opera-proxy/seclient"
_ "golang.org/x/crypto/x509roots/fallback" _ "golang.org/x/crypto/x509roots/fallback"
"golang.org/x/crypto/x509roots/fallback/bundle"
) )
const ( const (
@@ -232,9 +233,8 @@ func run() int {
KeepAlive: 30 * time.Second, KeepAlive: 30 * time.Second,
} }
var caPool *x509.CertPool caPool := x509.NewCertPool()
if args.caFile != "" { if args.caFile != "" {
caPool = x509.NewCertPool()
certs, err := ioutil.ReadFile(args.caFile) certs, err := ioutil.ReadFile(args.caFile)
if err != nil { if err != nil {
mainLogger.Error("Can't load CA file: %v", err) mainLogger.Error("Can't load CA file: %v", err)
@@ -244,6 +244,19 @@ func run() int {
mainLogger.Error("Can't load certificates from CA file") mainLogger.Error("Can't load certificates from CA file")
return 15 return 15
} }
} else {
for c := range bundle.Roots() {
cert, err := x509.ParseCertificate(c.Certificate)
if err != nil {
mainLogger.Error("Unable to parse bundled certificate: %v", err)
return 15
}
if c.Constraint == nil {
caPool.AddCert(cert)
} else {
caPool.AddCertWithConstraint(cert, c.Constraint)
}
}
} }
xproxy.RegisterDialerType("http", proxyFromURLWrapper) xproxy.RegisterDialerType("http", proxyFromURLWrapper)