crypto/x509: avoid Android root store paths on other Linuxes

Updates #58922

Change-Id: I0eb2c97babb05b2d9bc36ed8af03579094bc02ac
Reviewed-on: https://go-review.googlesource.com/c/go/+/531878
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ingo Oeser <nightlyone@googlemail.com>

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index 76a64a80dd46964b6a7be7aad0c85d7effe97e14..8e79ccb5f61f90b3b46ad90ce332a509fbda9968 100644 (file)
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -4,6 +4,8 @@
 
 package x509
 
+import "internal/goos"
+
 // Possible certificate files; stop after finding one.
 var certFiles = []string{
        "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
@@ -16,8 +18,15 @@ var certFiles = []string{
 
 // Possible directories with certificate files; all will be read.
 var certDirectories = []string{
-       "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
-       "/etc/pki/tls/certs",           // Fedora/RHEL
-       "/system/etc/security/cacerts", // Android
-       "/data/misc/keychain/certs-added", // Android user trusted CA folder
+       "/etc/ssl/certs",     // SLES10/SLES11, https://golang.org/issue/12139
+       "/etc/pki/tls/certs", // Fedora/RHEL
+}
+
+func init() {
+       if goos.IsAndroid == 1 {
+               certDirectories = append(certDirectories,
+                       "/system/etc/security/cacerts",    // Android system roots
+                       "/data/misc/keychain/certs-added", // User trusted CA folder
+               )
+       }
 }