fix certificate check in the example client

2025-04-04 12:47:36 +03:00 · 2019-11-07 10:29:55 +07:00 · 2019-11-07 10:29:55 +07:00 · 4febf95c0b
commit 4febf95c0b
parent 914193cc9d
2 changed files with 18 additions and 14 deletions
--- a/example/client/main.go
+++ b/example/client/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"crypto/tls"
+	"crypto/x509"
 	"flag"
 	"io"
 	"net/http"
@ -29,9 +30,14 @@ func main() {
 	}
 	logger.SetLogTimeFormat("")

+	pool, err := x509.SystemCertPool()
+	if err != nil {
+		panic(err)
+	}
+	testdata.AddRootCA(pool)
 	roundTripper := &http3.RoundTripper{
 		TLSClientConfig: &tls.Config{
-			RootCAs:            testdata.GetRootCA(),
+			RootCAs:            pool,
 			InsecureSkipVerify: *insecure,
 		},
 	}
--- a/internal/testdata/cert.go
+++ b/internal/testdata/cert.go
@ -3,7 +3,6 @@ package testdata
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/pem"
 	"io/ioutil"
 	"path"
 	"runtime"
@ -36,22 +35,21 @@ func GetTLSConfig() *tls.Config {
 	}
 }

-// GetRootCA returns an x509.CertPool containing the CA certificate
-func GetRootCA() *x509.CertPool {
+// AddRootCA adds the root CA certificate to a cert pool
+func AddRootCA(certPool *x509.CertPool) {
 	caCertPath := path.Join(certPath, "ca.pem")
 	caCertRaw, err := ioutil.ReadFile(caCertPath)
 	if err != nil {
 		panic(err)
 	}
-	p, _ := pem.Decode(caCertRaw)
-	if p.Type != "CERTIFICATE" {
-		panic("expected a certificate")
+	if ok := certPool.AppendCertsFromPEM(caCertRaw); !ok {
+		panic("Could not add root ceritificate to pool.")
 	}
-	caCert, err := x509.ParseCertificate(p.Bytes)
-	if err != nil {
-		panic(err)
-	}
-	certPool := x509.NewCertPool()
-	certPool.AddCert(caCert)
-	return certPool
+}
+
+// GetRootCA returns an x509.CertPool containing (only) the CA certificate
+func GetRootCA() *x509.CertPool {
+	pool := x509.NewCertPool()
+	AddRootCA(pool)
+	return pool
 }