From: Shang Jian Ding Date: Wed, 6 Oct 2021 00:52:20 +0000 (-0500) Subject: crypto/x509: fix comments on certDirectories X-Git-Tag: go1.18beta1~112 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=fd4b391849dcd3ac0e90d3a86b0ee7df00b9b269;p=gostls13.git crypto/x509: fix comments on certDirectories CL 205237 allowed SSL_CERT_DIR to be a colon delimited list of directories. In the case that SSL_CERT_DIR is unset, the change also made certDirectories to all be loaded rather than stopping after successfully reading at least one file from a directory. This update fixes code comments on the certDirectories package level variables to reflect current behavior. Fixes #48808 Change-Id: Id92f875545272fc6205d9955d03ea7bf844f15eb Reviewed-on: https://go-review.googlesource.com/c/go/+/354140 Reviewed-by: Emmanuel Odeke Reviewed-by: Katie Hockman Run-TryBot: Emmanuel Odeke TryBot-Result: Gopher Robot Trust: Katie Hockman --- diff --git a/src/crypto/x509/root_aix.go b/src/crypto/x509/root_aix.go index 4d50a13473..99b7463a2a 100644 --- a/src/crypto/x509/root_aix.go +++ b/src/crypto/x509/root_aix.go @@ -9,8 +9,7 @@ var certFiles = []string{ "/var/ssl/certs/ca-bundle.crt", } -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. +// Possible directories with certificate files; all will be read. var certDirectories = []string{ "/var/ssl/certs", } diff --git a/src/crypto/x509/root_bsd.go b/src/crypto/x509/root_bsd.go index 8ac205faa9..a76aef8659 100644 --- a/src/crypto/x509/root_bsd.go +++ b/src/crypto/x509/root_bsd.go @@ -14,8 +14,7 @@ var certFiles = []string{ "/etc/openssl/certs/ca-certificates.crt", // NetBSD } -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. +// Possible directories with certificate files; all will be read. var certDirectories = []string{ "/etc/ssl/certs", // FreeBSD 12.2+ "/usr/local/share/certs", // FreeBSD diff --git a/src/crypto/x509/root_js.go b/src/crypto/x509/root_js.go index 9593038517..7b3f1e486f 100644 --- a/src/crypto/x509/root_js.go +++ b/src/crypto/x509/root_js.go @@ -9,6 +9,5 @@ package x509 // Possible certificate files; stop after finding one. var certFiles = []string{} -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. +// Possible directories with certificate files; all will be read. var certDirectories = []string{} diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go index ad6ce5cae7..e32989b999 100644 --- a/src/crypto/x509/root_linux.go +++ b/src/crypto/x509/root_linux.go @@ -14,8 +14,7 @@ var certFiles = []string{ "/etc/ssl/cert.pem", // Alpine Linux } -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. +// Possible directories with certificate files; all will be read. var certDirectories = []string{ "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139 "/etc/pki/tls/certs", // Fedora/RHEL diff --git a/src/crypto/x509/root_solaris.go b/src/crypto/x509/root_solaris.go index 97c19139e3..617f26961f 100644 --- a/src/crypto/x509/root_solaris.go +++ b/src/crypto/x509/root_solaris.go @@ -11,8 +11,7 @@ var certFiles = []string{ "/etc/ssl/cacert.pem", // OmniOS } -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. +// Possible directories with certificate files; all will be read. var certDirectories = []string{ "/etc/certs/CA", }