crypto/x509: look for CAs at /etc/ssl/cert.pem for Alpine Linux

Alpine Linux uses /etc/ssl/cert.pem as default ca-bundle which
is preinstalled since 3.7 and was installed as part of the libressl
package in 3.5 and 3.6.

The path /etc/ssl/certs/ca-certificates.crt is only valid if the full
ca-certificates package is installed by hand, which contains all
single CA certs and uses update-ca-certificates to bundle them.

The priority for /etc/ssl/certs/ca-certificates.crt should be kept
higher than /etc/ssl/cert.pem in case the user installed custom
CA certs.

Change-Id: I1c86a6ad84d8ee1163560655743a5ce9f2408af1
GitHub-Last-Rev: 0ba4d599e412640248d4e688537aaea4c43ecbcc
GitHub-Pull-Request: golang/go#31042
Reviewed-on: https://go-review.googlesource.com/c/go/+/169238
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index aa1785e4c637508f2d01d0679f271f7ea3d3bc51..267775dc5f0664c51926a0623c8dd9af37de40cf 100644 (file)
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -11,4 +11,5 @@ var certFiles = []string{
        "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
        "/etc/pki/tls/cacert.pem",                           // OpenELEC
        "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+       "/etc/ssl/cert.pem",                                 // Alpine Linux
 }