crypto/x509: define certDirectories per GOOS
authorTobias Klauser <tklauser@distanz.ch>
Mon, 17 Aug 2020 16:26:00 +0000 (18:26 +0200)
committerTobias Klauser <tobias.klauser@gmail.com>
Tue, 29 Sep 2020 06:10:34 +0000 (06:10 +0000)
Split the list of CA certificate directory locations in root_unix.go by
GOOS (aix, *bsd, js, linux, solaris).

On solaris, also include /etc/certs/CA as documented here:
https://docs.oracle.com/cd/E37838_01/html/E61024/kmf-cacerts.html

Same as CL 2208 did for certFiles.

Change-Id: Id24822d6a674bbbbf4088ebb8fe8437edad232b7
Reviewed-on: https://go-review.googlesource.com/c/go/+/248762
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
src/crypto/x509/root_aix.go
src/crypto/x509/root_bsd.go
src/crypto/x509/root_js.go
src/crypto/x509/root_linux.go
src/crypto/x509/root_solaris.go
src/crypto/x509/root_unix.go

index 6d427739a4315e8d10b23d22310504cbe2dfdf71..4d50a134738e025050f5fb894001991ae89d4d36 100644 (file)
@@ -8,3 +8,9 @@ package x509
 var certFiles = []string{
        "/var/ssl/certs/ca-bundle.crt",
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+       "/var/ssl/certs",
+}
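Review bot: Defining the list per GOOS also narrows what each platform scans, which the commit message does not mention: an AIX build now consults only `/var/ssl/certs`, where the shared list removed from root_unix.go also offered `/etc/ssl/certs`, `/etc/pki/tls/certs` and the others. The root_bsd.go and root_solaris.go hunks have the same effect, and the solaris hunk's own context lists `/etc/ssl/certs/ca-certificates.crt` for SmartOS, so an `/etc/ssl/certs` directory presumably exists there and is no longer read. A host that kept CA certificates only in one of the dropped directories would presumably end up with a smaller or empty root pool and start failing certificate verification. If that is intended, say so next to the list, e.g. `// Only AIX locations are listed; directories used by other systems are not searched on this GOOS.`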
index 1371933891030e81682eb083f0aed89f9c464b67..f04b6bd0d66991537d791bf278d1270308cc6b6f 100644 (file)
@@ -13,3 +13,10 @@ var certFiles = []string{
        "/usr/local/share/certs/ca-root-nss.crt", // DragonFly
        "/etc/openssl/certs/ca-certificates.crt", // NetBSD
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+       "/usr/local/share/certs", // FreeBSD
+       "/etc/openssl/certs",     // NetBSD
+}
index 70abb73f99c283052cd9a2a5e76d7f660877647c..4e537a4fe5e021fac4afdc03ea287666fc4eeaed 100644 (file)
@@ -8,3 +8,7 @@ package x509
 
 // Possible certificate files; stop after finding one.
 var certFiles = []string{}
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{}
index 267775dc5f0664c51926a0623c8dd9af37de40cf..ad6ce5cae79dc020eb656996434bd118f7e958af 100644 (file)
@@ -13,3 +13,11 @@ var certFiles = []string{
        "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
        "/etc/ssl/cert.pem",                                 // Alpine Linux
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+       "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
+       "/etc/pki/tls/certs",           // Fedora/RHEL
+       "/system/etc/security/cacerts", // Android
+}
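Review bot: The Linux list is not a straight copy of the removed one: `/etc/pki/tls/certs` now comes before `/system/etc/security/cacerts`, while the old list in root_unix.go had the Android directory second. The comment above the list says loading stops after the first directory that yields a file. If the loader (not part of this diff) really behaves that way, the order decides which trust store is used on a host that has more than one of these directories. Either keep the previous relative order, `"/etc/ssl/certs",` then `"/system/etc/security/cacerts",` then `"/etc/pki/tls/certs",`, or state in the commit message that the reordering is deliberate.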
index e6d4e613994754d2e7e303dcd09c22fde836f255..97c19139e3e759a75c93826cec9f1eecb8c60be4 100644 (file)
@@ -10,3 +10,9 @@ var certFiles = []string{
        "/etc/ssl/certs/ca-certificates.crt", // Joyent SmartOS
        "/etc/ssl/cacert.pem",                // OmniOS
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+       "/etc/certs/CA",
+}
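Review bot: `/etc/certs/CA` is the one directory this commit newly introduces, yet unlike the entries in the bsd and linux lists it has no trailing comment saying which system it belongs to. The justification currently lives only in the commit message, so a later reader of root_solaris.go cannot tell why this path is trusted as a source of root certificates. I would carry the reference into the source: `"/etc/certs/CA", // Oracle Solaris, https://docs.oracle.com/cd/E37838_01/html/E61024/kmf-cacerts.html`.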
index b48e618a652cb9dd8fef91c4311c5a7bb24ee952..2aa38751f381aefe78c8be0e7ff30e1f77f82f12 100644 (file)
@@ -13,17 +13,6 @@ import (
        "strings"
 )
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
-var certDirectories = []string{
-       "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
-       "/system/etc/security/cacerts", // Android
-       "/usr/local/share/certs",       // FreeBSD
-       "/etc/pki/tls/certs",           // Fedora/RHEL
-       "/etc/openssl/certs",           // NetBSD
-       "/var/ssl/certs",               // AIX
-}
-
 const (
        // certFileEnv is the environment variable which identifies where to locate
        // the SSL certificate file. If set this overrides the system default.