v1.0.0

2025-08-23 01:56:48 +08:00 · 2020-11-25 19:01:53 +08:00
parent 47d23e9972
commit c7f7c08ead
711 changed files with 82154 additions and 2 deletions
--- a/transport/internet/tls/config_other.go
+++ b/transport/internet/tls/config_other.go
@@ -0,0 +1,53 @@
+// +build !windows
+// +build !confonly
+
+package tls
+
+import (
+	"crypto/x509"
+	"sync"
+)
+
+type rootCertsCache struct {
+	sync.Mutex
+	pool *x509.CertPool
+}
+
+func (c *rootCertsCache) load() (*x509.CertPool, error) {
+	c.Lock()
+	defer c.Unlock()
+
+	if c.pool != nil {
+		return c.pool, nil
+	}
+
+	pool, err := x509.SystemCertPool()
+	if err != nil {
+		return nil, err
+	}
+	c.pool = pool
+	return pool, nil
+}
+
+var rootCerts rootCertsCache
+
+func (c *Config) getCertPool() (*x509.CertPool, error) {
+	if c.DisableSystemRoot {
+		return c.loadSelfCertPool()
+	}
+
+	if len(c.Certificate) == 0 {
+		return rootCerts.load()
+	}
+
+	pool, err := x509.SystemCertPool()
+	if err != nil {
+		return nil, newError("system root").AtWarning().Base(err)
+	}
+	for _, cert := range c.Certificate {
+		if !pool.AppendCertsFromPEM(cert.Certificate) {
+			return nil, newError("append cert to root").AtWarning().Base(err)
+		}
+	}
+	return pool, err
+}