From: Dave Cheney Date: Mon, 5 Jan 2015 02:14:04 +0000 (+1100) Subject: crypto/x509: split certFiles definition by GOOS X-Git-Tag: go1.5beta1~2465 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=682922908f7e434261cbed8f0019e8415347166b;p=gostls13.git crypto/x509: split certFiles definition by GOOS This CL splits the (ever growing) list of ca cert locations by major unix platforms (darwin, windows and plan9 are already handled seperately). Although it is clear the unix variants cannot manage to agree on some standard locations, we can avoid to some extent an artificial ranking of priority amongst the supported GOOSs. * Split certFiles definition by GOOS * Include NetBSD ca cert location Fixes #9285 Change-Id: I6df2a3fddf3866e71033e01fce43c31e51b48a9e Reviewed-on: https://go-review.googlesource.com/2208 Reviewed-by: Brad Fitzpatrick Reviewed-by: Andrew Gerrand --- diff --git a/src/crypto/x509/root_bsd.go b/src/crypto/x509/root_bsd.go new file mode 100644 index 0000000000..9317283736 --- /dev/null +++ b/src/crypto/x509/root_bsd.go @@ -0,0 +1,14 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build dragonfly freebsd netbsd openbsd + +package x509 + +// Possible certificate files; stop after finding one. +var certFiles = []string{ + "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly + "/etc/ssl/cert.pem", // OpenBSD + "/etc/openssl/certs/ca-certificates.crt", // NetBSD +} diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go new file mode 100644 index 0000000000..cfeca6958c --- /dev/null +++ b/src/crypto/x509/root_linux.go @@ -0,0 +1,13 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package x509 + +// Possible certificate files; stop after finding one. +var certFiles = []string{ + "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. + "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL + "/etc/ssl/ca-bundle.pem", // OpenSUSE + "/etc/pki/tls/cacert.pem", // OpenELEC +} diff --git a/src/crypto/x509/root_solaris.go b/src/crypto/x509/root_solaris.go new file mode 100644 index 0000000000..bf5d826e0d --- /dev/null +++ b/src/crypto/x509/root_solaris.go @@ -0,0 +1,10 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package x509 + +// Possible certificate files; stop after finding one. +var certFiles = []string{ + "/etc/certs/ca-certificates.crt", // Solaris 11.2+ +} diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go index f77d6c0c57..8d3b2fbb23 100644 --- a/src/crypto/x509/root_unix.go +++ b/src/crypto/x509/root_unix.go @@ -8,22 +8,10 @@ package x509 import "io/ioutil" -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. - "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL - "/etc/ssl/ca-bundle.pem", // OpenSUSE - "/etc/ssl/cert.pem", // OpenBSD - "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly - "/etc/pki/tls/cacert.pem", // OpenELEC - "/etc/certs/ca-certificates.crt", // Solaris 11.2+ -} - // Possible directories with certificate files; stop after successfully // reading at least one file from a directory. var certDirectories = []string{ "/system/etc/security/cacerts", // Android - } func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {