breml
Repos
135
Followers
92
Following
122

Go package to embed the Mozilla Included CA Certificate List

86
5

Go linter that checks types that are json encoded - reports unsupported types and unnecessary error checks

28
3

logstash-config provides a parser and abstract syntax tree (AST) for the Logstash config format, written in Go

26
6

Go linter which checks for dangerous unicode character sequences

27
2

Command pigeon generates parsers in Go from a PEG grammar.

696
50

Events

delete branch
breml delete branch meetup-2022-11-28
Created at 1 day ago

Add meetup 2022-11-28

Add slides for charm talk

Merge pull request #1 from bernergo/meetup-2022-11-28

Add meetup 2022-11-28

Created at 1 day ago
pull request closed
Add meetup 2022-11-28

I don't have the slides from Lena yet and I am not sure if we can get something from Tom.

Created at 1 day ago

Add slides for charm talk

Created at 1 day ago
pull request opened
Add meetup 2022-11-28

I don't have the slides from Lena yet and I am not sure if we can get something from Tom.

Created at 1 day ago
create branch
breml create branch meetup-2022-11-28
Created at 1 day ago

Cleanup after the meetup

Add license

Created at 1 day ago
pull request opened
buzzer: tone duration float64, no tone during rest
Created at 5 days ago
create branch
breml create branch fix-buzzer
Created at 5 days ago
issue comment
machine/nrf51: add ADC implementation

@deadprogram thanks for this PR.

I just successfully tested this code with a micro:bit V1.5 and an Octopus Analog Rotation Brick. Works like a charm.

The range that I observed is 64 to 65344. So I wonder if we could do better in extrapolating the 10-bit value to 16-bit.

Created at 5 days ago
issue comment
crypto/x509: add crypto/x509/rootcerts package and rootcerts tag to embed CA root certificates in program

@pete-woods Thinking of it a little bit more, there might be a way of setting the environment variable from code in an import, that is loaded before SetFallbackRoots is called (similar to how it is done in the unit tests in https://github.com/golang/go/commit/04d6aa6514617d5284f0657928eccb579a0f42e2#diff-aab8875f722653c06a57f1a4509bdad43391f1e2dc9555644a56beeaf96bb808R91).

Created at 1 week ago
issue comment
crypto/x509: add crypto/x509/rootcerts package and rootcerts tag to embed CA root certificates in program

Hi @pete-woods

I'm not 100% sure I follow all the discussions, but one thing in particular we (at CircleCI) would like out of this (besides the FROM scratch Docker scenario) is to force the Go based certificate store, even when os-provided certificates are present. E.g. someone runs our software in an old Docker image with an out of date set of rootcerts in.

https://github.com/golang/go/issues/43958#issuecomment-1317868626 summarizes how this will work. So I guess your use case is (only) partly solved. Whenever a user needs to force the Go embedded certificates (e.g. because the os-provided roots are out of date), he will need to pass the GODEBUG=x509usefallbackroots=1 environment variable. I pushed for a feature like the one you are requesting, but I had no support, so this was not included.

Created at 1 week ago
issue comment
proposal: crypto/x509: add crypto/x509/rootcerts package and rootcerts tag to embed CA root certificates in program

On macOS and Windows, the fallback would normally not be reachable, because the OS verifier is always there. What does x509usefallbackroots do on those platforms? Does it make the fallback available anyway?

In my opinion, the GODEBUG variable should force the usage of the embedded certificates regardless of the operating system. There exist very old installations, especially of Windows systems, in the wild, where the root certificates provided by the system might be outdated as well. In such a case, the GODEBUG force fallback should allow forcing the respective Go application to use the embedded certificates regardless of the fact that a Windows system always provides some set of root certificates via the OS verifier. For me, the GODEBUG option indicates that the user wants to use the embedded certificates in any case.

What happens if x509usefallbackroots is set but SetFallbackRoots was not called? An error? A panic? Is it ignored?

I am fine with the GODEBUG x509usefallbackroots getting ignored if no fallback roots are set. If we decide to go with the panic, it is important, in my opinion, that this panic happens during initialization of the application. I don't like an application to panic only after some time, when a certificate is actually used (imagine a long-running service, which occasionally queries an API via HTTPS and then only fails when the first call to the API is executed). I have not looked into the implementation, so I cannot judge if an error is a viable solution.

SSL_CERT_FILE=/dev/null SSL_CERT_DIR=/dev/null is certainly not the prettiest, but at least it has very clear semantics: it only applies to Linux because SSL_CERT_FILE/DIR do, and if there are no fallback roots you get an error.

Again, I don't think the fallback certificates should be limited to *nix OS.

Created at 2 weeks ago