From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 24 Jun 2020 20:49:05 +0000 (-0400)
Subject: crypto/x509: move and update the SSL_CERT_FILE and SSL_CERT_DIR docs
X-Git-Tag: go1.15rc1~60
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b13774691cfb22b1cb18263c9a35176c4a0e94b2;p=gostls13.git

crypto/x509: move and update the SSL_CERT_FILE and SSL_CERT_DIR docs

Fixes #37907

Change-Id: Ia077de6dcc74ed761d278eab4efbf45e151429b8
Reviewed-on: https://go-review.googlesource.com/c/go/+/239747
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
---

diff --git a/src/crypto/x509/cert_pool.go b/src/crypto/x509/cert_pool.go
index 3e1e5fb8cd..59ec4b6894 100644
--- a/src/crypto/x509/cert_pool.go
+++ b/src/crypto/x509/cert_pool.go
@@ -47,11 +47,15 @@ func (s *CertPool) copy() *CertPool {
 
 // SystemCertPool returns a copy of the system cert pool.
 //
-// Any mutations to the returned pool are not written to disk and do
-// not affect any other pool returned by SystemCertPool.
+// On Unix systems other than macOS the environment variables SSL_CERT_FILE and
+// SSL_CERT_DIR can be used to override the system default locations for the SSL
+// certificate file and SSL certificate files directory, respectively. The
+// latter can be a colon-separated list.
 //
-// New changes in the system cert pool might not be reflected
-// in subsequent calls.
+// Any mutations to the returned pool are not written to disk and do not affect
+// any other pool returned by SystemCertPool.
+//
+// New changes in the system cert pool might not be reflected in subsequent calls.
 func SystemCertPool() (*CertPool, error) {
 	if runtime.GOOS == "windows" {
 		// Issue 16736, 18609:
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 338b48861c..9cc3acdb3f 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -3,10 +3,6 @@
 // license that can be found in the LICENSE file.
 
 // Package x509 parses X.509-encoded keys and certificates.
-//
-// On UNIX systems the environment variables SSL_CERT_FILE and SSL_CERT_DIR
-// can be used to override the system default locations for the SSL certificate
-// file and SSL certificate files directory, respectively.
 package x509
 
 import (