crypto/x509: fix comments on certDirectories

CL 205237 allowed SSL_CERT_DIR to be a colon delimited list of
directories. In the case that SSL_CERT_DIR is unset, the change
also made certDirectories to all be loaded rather than stopping
after successfully reading at least one file from a directory.
This update fixes code comments on the certDirectories package
level variables to reflect current behavior.

Fixes #48808

Change-Id: Id92f875545272fc6205d9955d03ea7bf844f15eb
Reviewed-on: https://go-review.googlesource.com/c/go/+/354140
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Katie Hockman <katie@golang.org>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>

diff --git a/src/crypto/x509/root_aix.go b/src/crypto/x509/root_aix.go
index 4d50a134738e025050f5fb894001991ae89d4d36..99b7463a2a7149c0d132393964af0f78f0d9dc2b 100644 (file)
--- a/src/crypto/x509/root_aix.go
+++ b/src/crypto/x509/root_aix.go
@@ -9,8 +9,7 @@ var certFiles = []string{
        "/var/ssl/certs/ca-bundle.crt",
 }
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
 var certDirectories = []string{
        "/var/ssl/certs",
 }

diff --git a/src/crypto/x509/root_bsd.go b/src/crypto/x509/root_bsd.go
index 8ac205faa95d9a44398b8e634bb5d31b4d29b62a..a76aef8659b55a2551d08931b5d9963062798193 100644 (file)
--- a/src/crypto/x509/root_bsd.go
+++ b/src/crypto/x509/root_bsd.go
@@ -14,8 +14,7 @@ var certFiles = []string{
        "/etc/openssl/certs/ca-certificates.crt", // NetBSD
 }
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
 var certDirectories = []string{
        "/etc/ssl/certs",         // FreeBSD 12.2+
        "/usr/local/share/certs", // FreeBSD

diff --git a/src/crypto/x509/root_js.go b/src/crypto/x509/root_js.go
index 95930385177847fd914ded89619715d2954afdc5..7b3f1e486ff5cb2e4dcd60c565186d0641936136 100644 (file)
--- a/src/crypto/x509/root_js.go
+++ b/src/crypto/x509/root_js.go
@@ -9,6 +9,5 @@ package x509
 // Possible certificate files; stop after finding one.
 var certFiles = []string{}
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
 var certDirectories = []string{}

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index ad6ce5cae79dc020eb656996434bd118f7e958af..e32989b999ed7118db6ebf6de9e94dad4c843852 100644 (file)
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -14,8 +14,7 @@ var certFiles = []string{
        "/etc/ssl/cert.pem",                                 // Alpine Linux
 }
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
 var certDirectories = []string{
        "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
        "/etc/pki/tls/certs",           // Fedora/RHEL

diff --git a/src/crypto/x509/root_solaris.go b/src/crypto/x509/root_solaris.go
index 97c19139e3e759a75c93826cec9f1eecb8c60be4..617f26961f60bf335693a55acd0f4dbb5099744e 100644 (file)
--- a/src/crypto/x509/root_solaris.go
+++ b/src/crypto/x509/root_solaris.go
@@ -11,8 +11,7 @@ var certFiles = []string{
        "/etc/ssl/cacert.pem",                // OmniOS
 }
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
 var certDirectories = []string{
        "/etc/certs/CA",
 }