TUN-2943: Copy certutil from edge into cloudflared

2025-07-28 05:59:58 +00:00 · 2020-05-01 15:59:52 -05:00
parent dd0881f32b
commit 2cf327ba01
35 changed files with 3720 additions and 11890 deletions
--- a/vendor/github.com/certifi/gocertifi/README.md
+++ b/vendor/github.com/certifi/gocertifi/README.md
@@ -9,14 +9,14 @@ This is the same CA bundle that ships with the
 Golang specific port of [certifi](https://github.com/kennethreitz/certifi). The
 CA bundle is derived from Mozilla's canonical set.

-## Usage
+## Usage

 You can use the `gocertifi` package as follows:

 ```go
 import "github.com/certifi/gocertifi"

-cert_pool, err := gocertifi.CACerts()
+certPool, err := gocertifi.CACerts()
 ```

 You can use the returned `*x509.CertPool` as part of an HTTP transport, for example:
@@ -29,8 +29,22 @@ import (

 // Setup an HTTP client with a custom transport
 transport := &http.Transport{
-	TLSClientConfig: &tls.Config{RootCAs: cert_pool},
+  Proxy: ProxyFromEnvironment,
+  DialContext: (&net.Dialer{
+    Timeout:   30 * time.Second,
+    KeepAlive: 30 * time.Second,
+    DualStack: true,
+  }).DialContext,
+  ForceAttemptHTTP2:     true,
+  MaxIdleConns:          100,
+  IdleConnTimeout:       90 * time.Second,
+  TLSHandshakeTimeout:   10 * time.Second,
+  ExpectContinueTimeout: 1 * time.Second,
 }
+// or, starting with go1.13 simply use:
+// transport := http.DefaultTransport.(*http.Transport).Clone()
+
+transport.TLSClientConfig = &tls.Config{RootCAs: certPool}
 client := &http.Client{Transport: transport}

 // Make an HTTP request using our custom transport