1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // +build aix dragonfly freebsd js,wasm linux nacl netbsd openbsd solaris 6 7 package x509 8 9 import ( 10 "io/ioutil" 11 "os" 12 ) 13 14 // Possible directories with certificate files; stop after successfully 15 // reading at least one file from a directory. 16 var certDirectories = []string{ 17 "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139 18 "/system/etc/security/cacerts", // Android 19 "/usr/local/share/certs", // FreeBSD 20 "/etc/pki/tls/certs", // Fedora/RHEL 21 "/etc/openssl/certs", // NetBSD 22 "/var/ssl/certs", // AIX 23 } 24 25 const ( 26 // certFileEnv is the environment variable which identifies where to locate 27 // the SSL certificate file. If set this overrides the system default. 28 certFileEnv = "SSL_CERT_FILE" 29 30 // certDirEnv is the environment variable which identifies which directory 31 // to check for SSL certificate files. If set this overrides the system default. 32 certDirEnv = "SSL_CERT_DIR" 33 ) 34 35 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { 36 return nil, nil 37 } 38 39 func loadSystemRoots() (*CertPool, error) { 40 roots := NewCertPool() 41 42 files := certFiles 43 if f := os.Getenv(certFileEnv); f != "" { 44 files = []string{f} 45 } 46 47 var firstErr error 48 for _, file := range files { 49 data, err := ioutil.ReadFile(file) 50 if err == nil { 51 roots.AppendCertsFromPEM(data) 52 break 53 } 54 if firstErr == nil && !os.IsNotExist(err) { 55 firstErr = err 56 } 57 } 58 59 dirs := certDirectories 60 if d := os.Getenv(certDirEnv); d != "" { 61 dirs = []string{d} 62 } 63 64 for _, directory := range dirs { 65 fis, err := ioutil.ReadDir(directory) 66 if err != nil { 67 if firstErr == nil && !os.IsNotExist(err) { 68 firstErr = err 69 } 70 continue 71 } 72 rootsAdded := false 73 for _, fi := range fis { 74 data, err := ioutil.ReadFile(directory + "/" + fi.Name()) 75 if err == nil && roots.AppendCertsFromPEM(data) { 76 rootsAdded = true 77 } 78 } 79 if rootsAdded { 80 return roots, nil 81 } 82 } 83 84 if len(roots.certs) > 0 || firstErr == nil { 85 return roots, nil 86 } 87 88 return nil, firstErr 89 } 90
View as plain text