From: Quentin Smith <quentin@golang.org>
Date: Wed, 5 Oct 2016 22:04:54 +0000 (-0400)
Subject: crypto/x509: support RHEL 7 cert bundle
X-Git-Tag: go1.8beta1~1008
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ce645534e481368b4ec6141d48eb361422e423b8;p=gostls13.git

crypto/x509: support RHEL 7 cert bundle

RHEL 7 introduces a new tool, update-ca-trust(8), which places the
certificate bundle in a new location. Add this path to the list of
locations that are searched for the certificate bundle.

Fixes #15749

Change-Id: Idc97f885ee48ef085f1eb4dacbd1c2cf55f94ff5
Reviewed-on: https://go-review.googlesource.com/30375
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index cfeca6958c..38dd72d3ed 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -6,8 +6,9 @@ package x509
 
 // Possible certificate files; stop after finding one.
 var certFiles = []string{
-	"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
-	"/etc/pki/tls/certs/ca-bundle.crt",   // Fedora/RHEL
-	"/etc/ssl/ca-bundle.pem",             // OpenSUSE
-	"/etc/pki/tls/cacert.pem",            // OpenELEC
+	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
+	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+	"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
+	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
+	"/etc/pki/tls/cacert.pem",                           // OpenELEC
 }