Cypherpunks repositories - gostls13.git/commit

author	Steven Hartland <steven.hartland@multiplay.co.uk>
	Thu, 2 Feb 2017 00:34:06 +0000 (00:34 +0000)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Wed, 3 May 2017 15:39:29 +0000 (15:39 +0000)
commit	e83bcd95a4a86e4caf2faa78158170d512dd9de5
tree	45523ed934bcba16ca735c924ac8ff21315cab83	tree
parent	4d7a5edb7e476a321365151a3253395c25185341	commit \| diff

crypto/x509: load certs from env vars + extra locations

Add the ability to override the default file and directory from
which certificates are loaded by setting the OpenSSL compatible
environment variables: SSL_CERT_FILE, SSL_CERT_DIR.

If the variables are set the default locations are not checked.

Added new default file "/usr/local/etc/ssl/cert.pem" for FreeBSD.

Certificates in the first valid location found for both file and
directory are added, instead of only the first file location if
a valid one was found, which is consistent with OpenSSL.

Fixes #3905
Fixes #14022
Fixes #14311
Fixes #16920
Fixes #18813 - If user sets SSL_CERT_FILE.

Change-Id: Ia24fb7c1c2ffff4338b4cf214bd040326ce27bb0
Reviewed-on: https://go-review.googlesource.com/36093
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/crypto/x509/root_bsd.go		diff \| blob \| history
src/crypto/x509/root_unix.go		diff \| blob \| history
src/crypto/x509/root_unix_test.go	[new file with mode: 0644]	blob
src/crypto/x509/test-file.crt	[new file with mode: 0644]	blob
src/crypto/x509/testdata/test-dir.crt	[new file with mode: 0644]	blob
src/crypto/x509/x509.go		diff \| blob \| history