Cypherpunks repositories - gostls13.git/commit
crypto/x509: load roots from colon separated SSL_CERT_DIR in loadSystemRoots
author: Emmanuel T Odeke <emmanuel@orijtech.com>
Mon, 4 Nov 2019 17:19:59 +0000 (09:19 -0800)
committer: Emmanuel Odeke <emm.odeke@gmail.com>
Wed, 26 Feb 2020 05:45:54 +0000 (05:45 +0000)
commit: 7a03d79498a32eb099d6f82aa8b19e813630be65
tree: 85005376847410c75f9266989c1b5f48770f3c47
parent: 6052838bc325049505aba9c3b87256161f9e05e8
crypto/x509: load roots from colon separated SSL_CERT_DIR in loadSystemRoots

"SSL_CERT_DIR" is meant to hold more than one directory, when a colon
is used as a delimiter. However, we assumed it'd be a single directory
for all root certificates.
OpenSSL and BoringSSL properly respected the colon separated
"SSL_CERT_DIR", as per:
* OpenSSL https://github.com/openssl/openssl/blob/12a765a5235f181c2f4992b615eb5f892c368e88/crypto/x509/by_dir.c#L153-L209
* BoringSSL https://github.com/google/boringssl/blob/3ba9586bc081f67903c89917f23e74a0662ba953/crypto/x509/by_dir.c#L194-L247

This change adds that parity to loadSystemRoots.

RELNOTE=yes

Fixes #35325

Change-Id: I0d554a00ccc34300a7f0529aa741ee7e2d5762f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/205237
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/x509/root_unix.go
src/crypto/x509/root_unix_test.go
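
The difference the commit message describes, shown as an added Go example that is not the code from this commit: a colon-joined SSL_CERT_DIR value read as one literal path finds no roots, while the same value split on ':' loads the certificate from each directory. The names loadRoots and compare, the temporary directory layout and the certificates (generated at run time) are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"strings"
	"time"
)

// loadRoots (hypothetical helper) pools PEM certs from dirs and counts contributing files.
func loadRoots(dirs []string) (*x509.CertPool, int) {
	pool, files := x509.NewCertPool(), 0
	for _, dir := range dirs {
		entries, _ := os.ReadDir(dir) // a nonexistent directory yields no entries
		for _, e := range entries {
			data, _ := os.ReadFile(dir + "/" + e.Name())
			if pool.AppendCertsFromPEM(data) {
				files++
			}
		}
	}
	return pool, files
}

// compare writes one constructed self-signed certificate into each of two
// directories, joins them with ':' as in SSL_CERT_DIR, then loads the value as one
// literal path and as a split list. Setup errors are ignored and show up as low counts.
func compare() (single, split int) {
	base, _ := os.MkdirTemp("", "certdir")
	defer os.RemoveAll(base)
	value := base + "/a:" + base + "/b" // constructed SSL_CERT_DIR value
	for i, d := range strings.Split(value, ":") {
		_, key, _ := ed25519.GenerateKey(rand.Reader)
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
		der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
		os.Mkdir(d, 0o755)
		os.WriteFile(d+"/root.pem", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644)
	}
	_, single = loadRoots([]string{value})          // whole value treated as one directory
	_, split = loadRoots(strings.Split(value, ":")) // colon-separated reading
	return single, split
}

func main() { fmt.Println(compare()) }
```

When auditing which roots a process trusts, enumerate every component of SSL_CERT_DIR, since each listed directory contributes to the pool under the colon-separated reading.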