Source file
src/crypto/x509/root_unix.go
7 package x509
8
9 import (
10 "io/ioutil"
11 "os"
12 "path/filepath"
13 "strings"
14 )
15
16
17
// certDirectories lists the directories that loadSystemRoots scans for
// PEM-encoded root certificates when SSL_CERT_DIR is not set. Every
// directory in the list is tried; entries that cannot be read are skipped.
var certDirectories = []string{
	"/etc/ssl/certs",
	"/system/etc/security/cacerts",
	"/usr/local/share/certs",
	"/etc/pki/tls/certs",
	"/etc/openssl/certs",
	"/var/ssl/certs",
}

const (
	// certFileEnv names the environment variable holding the path of a
	// single certificate bundle. When it is non-empty, loadSystemRoots
	// uses that path instead of the built-in file list.
	//
	// The value is used as given: whoever controls the process
	// environment selects the bundle that becomes the trust store.
	certFileEnv = "SSL_CERT_FILE"

	// certDirEnv names the environment variable holding a colon-separated
	// list of certificate directories. When it is non-empty,
	// loadSystemRoots scans those directories instead of certDirectories.
	//
	// As with certFileEnv, the value replaces the defaults rather than
	// adding to them, so it must come from a trusted environment.
	certDirEnv = "SSL_CERT_DIR"
)
38
// systemVerify is a stub in this file: it does no verification and always
// returns no chains and no error.
//
// A nil error from this method therefore says nothing about whether the
// certificate is trusted; the nil chains result is the only signal that no
// verification took place.
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
	// Both named results keep their zero values (nil, nil).
	return
}
42
// loadSystemRoots builds the pool of trusted root certificates from PEM
// data found on disk.
//
// Bundle files: the candidates are certFiles (declared outside this view),
// or the single path in SSL_CERT_FILE when that variable is non-empty. Only
// the first candidate that can be read is loaded.
//
// Directories: every entry returned by readUniqueDirectoryEntries for each
// directory in certDirectories, or in the colon-separated SSL_CERT_DIR when
// that variable is non-empty, is read and added to the pool.
//
// Either variable replaces the built-in list rather than extending it, so
// the process environment decides which certificates become trust anchors.
//
// Error handling is best-effort. Only the first error that is not a
// "does not exist" error is remembered, and it is returned only when the
// pool ends up empty. Failures to read an individual file inside a
// directory, and the result of AppendCertsFromPEM, are discarded, so a
// partly unreadable or malformed store produces a smaller pool without an
// error. When nothing exists at all the result is an empty, non-nil pool
// and a nil error.
func loadSystemRoots() (*CertPool, error) {
	pool := NewCertPool()

	var firstErr error
	// remember keeps the first error that is something other than a
	// missing file or directory.
	remember := func(err error) {
		if firstErr == nil && !os.IsNotExist(err) {
			firstErr = err
		}
	}

	bundlePaths := certFiles
	if override := os.Getenv(certFileEnv); override != "" {
		bundlePaths = []string{override}
	}

	for _, path := range bundlePaths {
		pemData, err := ioutil.ReadFile(path)
		if err != nil {
			remember(err)
			continue
		}
		pool.AppendCertsFromPEM(pemData)
		// One bundle is enough; later candidates are not consulted.
		break
	}

	searchDirs := certDirectories
	if override := os.Getenv(certDirEnv); override != "" {
		// The variable holds a colon-separated list of directories.
		searchDirs = strings.Split(override, ":")
	}

	for _, dir := range searchDirs {
		entries, err := readUniqueDirectoryEntries(dir)
		if err != nil {
			remember(err)
			continue
		}
		for _, entry := range entries {
			pemData, err := ioutil.ReadFile(dir + "/" + entry.Name())
			if err != nil {
				// Unreadable entries are skipped without being recorded.
				continue
			}
			pool.AppendCertsFromPEM(pemData)
		}
	}

	// Report the remembered error only when no certificate was loaded.
	if len(pool.certs) == 0 && firstErr != nil {
		return nil, firstErr
	}
	return pool, nil
}
94
95
96
// readUniqueDirectoryEntries lists dir and drops every entry that
// isSameDirSymlink identifies as a symlink to a name in the same directory.
// Such links would make the caller read the same file a second time.
//
// The error from reading the directory is returned unchanged.
func readUniqueDirectoryEntries(dir string) ([]os.FileInfo, error) {
	entries, err := ioutil.ReadDir(dir)
	if err != nil {
		return nil, err
	}

	// Filter in place: kept shares the backing array of entries.
	kept := entries[:0]
	for i := range entries {
		if isSameDirSymlink(entries[i], dir) {
			continue
		}
		kept = append(kept, entries[i])
	}
	return kept, nil
}
110
111
112
// isSameDirSymlink reports whether fi, an entry of dir, is a symbolic link
// whose target text contains no "/", that is, a link naming something in
// dir itself.
//
// Only the link text is inspected. The target is not resolved and need not
// exist, and a link that cannot be read is reported as false.
func isSameDirSymlink(fi os.FileInfo, dir string) bool {
	isLink := fi.Mode()&os.ModeSymlink != 0
	if !isLink {
		return false
	}

	dest, err := os.Readlink(filepath.Join(dir, fi.Name()))
	if err != nil {
		return false
	}
	return !strings.Contains(dest, "/")
}
120