Skip to content

Deprecate Embedded Certs #4625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
SyntaxNode wants to merge 2 commits into
base: master
Choose a base branch
from
+27 −3,691
Open

Deprecate Embedded Certs #4625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fef3d30
Deprecate Embedded Certs
SyntaxNode Dec 3, 2025
f3f674c
update names and comments
SyntaxNode Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,6 @@ type Configuration struct {
AccountDefaults Account `mapstructure:"account_defaults"`
// accountDefaultsJSON is the internal serialized form of AccountDefaults used for json merge
accountDefaultsJSON json.RawMessage
// CertsUseSystem will use the host OS certificates instead of embedded certs.
CertsUseSystem bool `mapstructure:"certificates_use_system"`
// Local private file containing SSL certificates
PemCertsFile string `mapstructure:"certificates_file"`
// Custom headers to handle request timeouts from queueing infrastructure
Expand Down Expand Up @@ -1252,7 +1250,6 @@ func SetupViper(v *viper.Viper, filename string, bidderInfos BidderInfos) {
v.SetDefault("compression.response.enable_gzip", false)
v.SetDefault("compression.request.enable_gzip", false)

v.SetDefault("certificates_use_system", false)
v.SetDefault("certificates_file", "")

v.SetDefault("auto_gen_source_tid", true)
Expand Down
2 changes: 0 additions & 2 deletions config/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -600,7 +600,6 @@ analytics:
- code: agma-code
publisher_id: publisher-id
site_app_id: site-or-app-id
certificates_use_system: true
`)

func cmpStrings(t *testing.T, key, expected, actual string) {
Expand Down Expand Up @@ -949,7 +948,6 @@ func TestFullConfig(t *testing.T) {
cmpStrings(t, "analytics.agma.accounts.0.publisher_id", "publisher-id", cfg.Analytics.Agma.Accounts[0].PublisherId)
cmpStrings(t, "analytics.agma.accounts.0.code", "agma-code", cfg.Analytics.Agma.Accounts[0].Code)
cmpStrings(t, "analytics.agma.accounts.0.site_app_id", "site-or-app-id", cfg.Analytics.Agma.Accounts[0].SiteAppId)
cmpBools(t, "certificates_use_system", true, cfg.CertsUseSystem)
}

func TestValidateConfig(t *testing.T) {
Expand Down
7 changes: 3 additions & 4 deletions router/router.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,15 +128,14 @@ func New(cfg *config.Configuration, rateConvertor *currency.RateConverter) (r *R
Router: httprouter.New(),
}

// For bid processing, we need both the hardcoded certificates and the certificates found in container's
// local file system
certPool, certPoolCreateErr := ssl.CreateCertPool(cfg.CertsUseSystem)
certPool, certPoolCreateErr := ssl.CreateCertPool()
if certPoolCreateErr != nil {
glog.Infof("Could not load root certificates: %s \n", certPoolCreateErr.Error())
}

// load optional PEM certificate files
var readCertErr error
certPool, readCertErr = ssl.AppendPEMFileToRootCAPool(certPool, cfg.PemCertsFile)
certPool, readCertErr = ssl.AppendPEMFileToCertPool(certPool, cfg.PemCertsFile)
if readCertErr != nil {
glog.Infof("Could not read certificates file: %s \n", readCertErr.Error())
}
Expand Down
Loading
Loading