1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // +build dragonfly freebsd linux nacl netbsd openbsd solaris
11 // Possible certificate files; stop after finding one.
12 var certFiles
= []string{
13 "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
14 "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
15 "/etc/ssl/ca-bundle.pem", // OpenSUSE
16 "/etc/ssl/cert.pem", // OpenBSD
17 "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
20 func (c
*Certificate
) systemVerify(opts
*VerifyOptions
) (chains
[][]*Certificate
, err error
) {
24 func initSystemRoots() {
25 roots
:= NewCertPool()
26 for _
, file
:= range certFiles
{
27 data
, err
:= ioutil
.ReadFile(file
)
29 roots
.AppendCertsFromPEM(data
)
35 // All of the files failed to load. systemRoots will be nil which will
36 // trigger a specific error at verification time.