Pull in TLS certificates from certifi rather than relying on OS certs (…

…#104) Fixes #103
getsentry · Sep 8, 2016 · 379f8d0 · 379f8d0
1 parent 97d0caf
commit 379f8d0
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -12,6 +12,7 @@ go:
 before_install:
   - go install -race std
   - go get golang.org/x/tools/cmd/cover
+  - go get -v ./...
 
 script:
   - go test -v -race ./...

diff --git a/Dockerfile.test b/Dockerfile.test
@@ -1,4 +1,4 @@
-FROM golang:1.6
+FROM golang:1.7
 
 RUN mkdir -p /go/src/github.com/getsentry/raven-go
 WORKDIR /go/src/github.com/getsentry/raven-go
@@ -8,4 +8,6 @@ RUN go install -race std && go get golang.org/x/tools/cmd/cover
 
 COPY . /go/src/github.com/getsentry/raven-go
 
+RUN go get -v ./...
+
 CMD ["./runtests.sh"]
diff --git a/client.go b/client.go
@@ -5,20 +5,24 @@ import (
 	"bytes"
 	"compress/zlib"
 	"crypto/rand"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
+	"log"
 	"net/http"
 	"net/url"
 	"os"
 	"runtime"
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/certifi/gocertifi"
 )
 
 const (
@@ -298,9 +302,24 @@ func (c *context) interfaces() []Interface {
 // Packets will be dropped if the buffer is full. Used by NewClient.
 var MaxQueueBuffer = 100
 
+func newTransport() Transport {
+	t := &HTTPTransport{}
+	rootCAs, err := gocertifi.CACerts()
+	if err != nil {
+		log.Println("raven: failed to load root TLS certificates:", err)
+	} else {
+		t.Client = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{RootCAs: rootCAs},
+			},
+		}
+	}
+	return t
+}
+
 func newClient(tags map[string]string) *Client {
 	client := &Client{
-		Transport: &HTTPTransport{},
+		Transport: newTransport(),
 		Tags:      tags,
 		context:   &context{},
 		queue:     make(chan *outgoingPacket, MaxQueueBuffer),
@@ -708,7 +727,7 @@ func ClearContext()                      { DefaultClient.ClearContext() }
 // HTTPTransport is the default transport, delivering packets to Sentry via the
 // HTTP API.
 type HTTPTransport struct {
-	Http http.Client
+	*http.Client
 }
 
 func (t *HTTPTransport) Send(url, authHeader string, packet *Packet) error {
@@ -721,7 +740,7 @@ func (t *HTTPTransport) Send(url, authHeader string, packet *Packet) error {
 	req.Header.Set("X-Sentry-Auth", authHeader)
 	req.Header.Set("User-Agent", userAgent)
 	req.Header.Set("Content-Type", contentType)
-	res, err := t.Http.Do(req)
+	res, err := t.Do(req)
 	if err != nil {
 		return err
 	}