certSecret: "" publicCrt: public.crt privateKey: private.key ## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas ## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret ## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt....

      }
    }

    @Throws(IOException::class)
    private fun writeCertList(
      sink: BufferedSink,
      certificates: List<Certificate>,
    ) {
      try {
        sink.writeDecimalLong(certificates.size.toLong()).writeByte('\n'.code)
        for (element in certificates) {
          val bytes = element.encoded
          val line = bytes.toByteString().base64()

 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate
import javax.security.auth.x500.X500Principal

/** A simple index that of trusted root certificates that have been loaded into memory. */
class BasicTrustRootIndex(
  vararg caCerts: X509Certificate,
) : TrustRootIndex {
  private val subjectToCaCerts: Map<X500Principal, Set<X509Certificate>>

  init {

  /** Returns a possibly-empty list of certificates that identify this peer. */
  @get:JvmName("localCertificates") val localCertificates: List<Certificate>,
  // Delayed provider of peerCertificates, to allow lazy cleaning.
  peerCertificatesFn: () -> List<Certificate>,
) {
  /** Returns a possibly-empty list of certificates that identify the remote peer. */
  @get:JvmName("peerCertificates")

FROM golang:1.24-alpine AS build

ARG TARGETARCH
ARG RELEASE

ENV GOPATH=/go
ENV CGO_ENABLED=0

WORKDIR /build

# Install curl and minisign
RUN apk add -U --no-cache ca-certificates && \
    apk add -U --no-cache curl && \
    apk add -U --no-cache bash && \
    go install aead.dev/minisign/cmd/minisign@v0.2.1

# Download minio binary and signature files

FROM golang:1.24-alpine AS build

ARG TARGETARCH
ARG RELEASE

ENV GOPATH=/go
ENV CGO_ENABLED=0

# Install curl and minisign
RUN apk add -U --no-cache ca-certificates && \
    apk add -U --no-cache curl && \
    go install aead.dev/minisign/cmd/minisign@v0.2.1

# Download minio binary and signature files
RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \

### Certificate Directory

TLS certificates by default are expected to be stored under ``${HOME}/.minio/certs`` directory. You need to place certificates here to enable `HTTPS` based access. Read more about [How to secure access to MinIO server with TLS](https://docs.min.io/community/minio-object-store/operations/network-encryption.html).

Following is a sample directory structure for MinIO server with TLS certificates.

```sh
$ mc tree --files ~/.minio

public final class okhttp3/tls/Certificates {
	public static final fun certificatePem (Ljava/security/cert/X509Certificate;)Ljava/lang/String;
	public static final fun decodeCertificatePem (Ljava/lang/String;)Ljava/security/cert/X509Certificate;
}

public final class okhttp3/tls/HandshakeCertificates {
	public final fun -deprecated_keyManager ()Ljavax/net/ssl/X509KeyManager;
	public final fun -deprecated_trustManager ()Ljavax/net/ssl/X509TrustManager;

import java.security.cert.X509Certificate
import java.util.ArrayDeque
import java.util.Deque
import javax.net.ssl.SSLPeerUnverifiedException

/**
 * A certificate chain cleaner that uses a set of trusted root certificates to build the trusted
 * chain. This class duplicates the clean chain building performed during the TLS handshake. We
 * prefer other mechanisms where they exist, such as with

                 sts_ep='http://localhost:9000'):
        self.cid = cid
        self.csec = csec
        self.idp_ep = idp_ep
        self.sts_ep = sts_ep

        # Load CA certificates from SSL_CERT_FILE file if set
        ca_certs = os.environ.get('SSL_CERT_FILE')
        if not ca_certs:
            ca_certs = certifi.where()

        self._http = urllib3.PoolManager(