libgo/go/crypto/x509/root_unix.go

   1 // Copyright 2011 The Go Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style
   3 // license that can be found in the LICENSE file.
   4
   5 // +build aix dragonfly freebsd linux nacl netbsd openbsd solaris
   6
   7 package x509
   8
   9 import (
  10         "io/ioutil"
  11         "os"
  12 )
  13
  14 // Possible directories with certificate files; stop after successfully
  15 // reading at least one file from a directory.
  16 var certDirectories = []string{
  17         "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
  18         "/system/etc/security/cacerts", // Android
  19         "/usr/local/share/certs",       // FreeBSD
  20         "/etc/pki/tls/certs",           // Fedora/RHEL
  21         "/etc/openssl/certs",           // NetBSD
  22         "/var/ssl/certs",               // AIX
  23 }
  24
  25 const (
  26         // certFileEnv is the environment variable which identifies where to locate
  27         // the SSL certificate file. If set this overrides the system default.
  28         certFileEnv = "SSL_CERT_FILE"
  29
  30         // certDirEnv is the environment variable which identifies which directory
  31         // to check for SSL certificate files. If set this overrides the system default.
  32         certDirEnv = "SSL_CERT_DIR"
  33 )
  34
  35 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
  36         return nil, nil
  37 }
  38
  39 func loadSystemRoots() (*CertPool, error) {
  40         roots := NewCertPool()
  41
  42         files := certFiles
  43         if f := os.Getenv(certFileEnv); f != "" {
  44                 files = []string{f}
  45         }
  46
  47         var firstErr error
  48         for _, file := range files {
  49                 data, err := ioutil.ReadFile(file)
  50                 if err == nil {
  51                         roots.AppendCertsFromPEM(data)
  52                         break
  53                 }
  54                 if firstErr == nil && !os.IsNotExist(err) {
  55                         firstErr = err
  56                 }
  57         }
  58
  59         dirs := certDirectories
  60         if d := os.Getenv(certDirEnv); d != "" {
  61                 dirs = []string{d}
  62         }
  63
  64         for _, directory := range dirs {
  65                 fis, err := ioutil.ReadDir(directory)
  66                 if err != nil {
  67                         if firstErr == nil && !os.IsNotExist(err) {
  68                                 firstErr = err
  69                         }
  70                         continue
  71                 }
  72                 rootsAdded := false
  73                 for _, fi := range fis {
  74                         data, err := ioutil.ReadFile(directory + "/" + fi.Name())
  75                         if err == nil && roots.AppendCertsFromPEM(data) {
  76                                 rootsAdded = true
  77                         }
  78                 }
  79                 if rootsAdded {
  80                         return roots, nil
  81                 }
  82         }
  83
  84         if len(roots.certs) > 0 {
  85                 return roots, nil
  86         }
  87
  88         return nil, firstErr
  89 }