root_unix.go

Documentation: crypto/x509

     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // +build aix dragonfly freebsd js,wasm linux nacl netbsd openbsd solaris
     6  
     7  package x509
     8  
     9  import (
    10  	"io/ioutil"
    11  	"os"
    12  )
    13  
    14  // Possible directories with certificate files; stop after successfully
    15  // reading at least one file from a directory.
    16  var certDirectories = []string{
    17  	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
    18  	"/system/etc/security/cacerts", // Android
    19  	"/usr/local/share/certs",       // FreeBSD
    20  	"/etc/pki/tls/certs",           // Fedora/RHEL
    21  	"/etc/openssl/certs",           // NetBSD
    22  	"/var/ssl/certs",               // AIX
    23  }
    24  
    25  const (
    26  	// certFileEnv is the environment variable which identifies where to locate
    27  	// the SSL certificate file. If set this overrides the system default.
    28  	certFileEnv = "SSL_CERT_FILE"
    29  
    30  	// certDirEnv is the environment variable which identifies which directory
    31  	// to check for SSL certificate files. If set this overrides the system default.
    32  	certDirEnv = "SSL_CERT_DIR"
    33  )
    34  
    35  func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
    36  	return nil, nil
    37  }
    38  
    39  func loadSystemRoots() (*CertPool, error) {
    40  	roots := NewCertPool()
    41  
    42  	files := certFiles
    43  	if f := os.Getenv(certFileEnv); f != "" {
    44  		files = []string{f}
    45  	}
    46  
    47  	var firstErr error
    48  	for _, file := range files {
    49  		data, err := ioutil.ReadFile(file)
    50  		if err == nil {
    51  			roots.AppendCertsFromPEM(data)
    52  			break
    53  		}
    54  		if firstErr == nil && !os.IsNotExist(err) {
    55  			firstErr = err
    56  		}
    57  	}
    58  
    59  	dirs := certDirectories
    60  	if d := os.Getenv(certDirEnv); d != "" {
    61  		dirs = []string{d}
    62  	}
    63  
    64  	for _, directory := range dirs {
    65  		fis, err := ioutil.ReadDir(directory)
    66  		if err != nil {
    67  			if firstErr == nil && !os.IsNotExist(err) {
    68  				firstErr = err
    69  			}
    70  			continue
    71  		}
    72  		rootsAdded := false
    73  		for _, fi := range fis {
    74  			data, err := ioutil.ReadFile(directory + "/" + fi.Name())
    75  			if err == nil && roots.AppendCertsFromPEM(data) {
    76  				rootsAdded = true
    77  			}
    78  		}
    79  		if rootsAdded {
    80  			return roots, nil
    81  		}
    82  	}
    83  
    84  	if len(roots.certs) > 0 || firstErr == nil {
    85  		return roots, nil
    86  	}
    87  
    88  	return nil, firstErr
    89  }
    90
View as plain text