src/crypto/x509/root_unix.go - go - Git at Google

 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // +build aix dragonfly freebsd js,wasm linux nacl netbsd openbsd solaris

 package x509

 import (
 	"io/ioutil"
 	"os"
 )

 // Possible directories with certificate files; stop after successfully
 // reading at least one file from a directory.
 var certDirectories = []string{
 	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
 	"/system/etc/security/cacerts", // Android
 	"/usr/local/share/certs",       // FreeBSD
 	"/etc/pki/tls/certs",           // Fedora/RHEL
 	"/etc/openssl/certs",           // NetBSD
 	"/var/ssl/certs",               // AIX
 }

 const (
 	// certFileEnv is the environment variable which identifies where to locate
 	// the SSL certificate file. If set this overrides the system default.
 	certFileEnv = "SSL_CERT_FILE"

 	// certDirEnv is the environment variable which identifies which directory
 	// to check for SSL certificate files. If set this overrides the system default.
 	certDirEnv = "SSL_CERT_DIR"
 )

 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
 	return nil, nil
 }

 func loadSystemRoots() (*CertPool, error) {
 	roots := NewCertPool()

 	files := certFiles
 	if f := os.Getenv(certFileEnv); f != "" {
 		files = []string{f}
 	}

 	var firstErr error
 	for _, file := range files {
 		data, err := ioutil.ReadFile(file)
 		if err == nil {
 			roots.AppendCertsFromPEM(data)
 			break
 		}
 		if firstErr == nil && !os.IsNotExist(err) {
 			firstErr = err
 		}
 	}

 	dirs := certDirectories
 	if d := os.Getenv(certDirEnv); d != "" {
 		dirs = []string{d}
 	}

 	for _, directory := range dirs {
 		fis, err := ioutil.ReadDir(directory)
 		if err != nil {
 			if firstErr == nil && !os.IsNotExist(err) {
 				firstErr = err
 			}
 			continue
 		}
 		rootsAdded := false
 		for _, fi := range fis {
 			data, err := ioutil.ReadFile(directory + "/" + fi.Name())
 			if err == nil && roots.AppendCertsFromPEM(data) {
 				rootsAdded = true
 			}
 		}
 		if rootsAdded {
 			return roots, nil
 		}
 	}

 	if len(roots.certs) > 0 || firstErr == nil {
 		return roots, nil
 	}

 	return nil, firstErr
 }
	// Copyright 2011 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// +build aix dragonfly freebsd js,wasm linux nacl netbsd openbsd solaris

	package x509

	import (
	"io/ioutil"
	"os"
	)

	// Possible directories with certificate files; stop after successfully
	// reading at least one file from a directory.
	var certDirectories = []string{
	"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
	"/system/etc/security/cacerts", // Android
	"/usr/local/share/certs", // FreeBSD
	"/etc/pki/tls/certs", // Fedora/RHEL
	"/etc/openssl/certs", // NetBSD
	"/var/ssl/certs", // AIX
	}

	const (
	// certFileEnv is the environment variable which identifies where to locate
	// the SSL certificate file. If set this overrides the system default.
	certFileEnv = "SSL_CERT_FILE"

	// certDirEnv is the environment variable which identifies which directory
	// to check for SSL certificate files. If set this overrides the system default.
	certDirEnv = "SSL_CERT_DIR"
	)

	func (c Certificate) systemVerify(opts VerifyOptions) (chains [][]*Certificate, err error) {
	return nil, nil
	}

	func loadSystemRoots() (*CertPool, error) {
	roots := NewCertPool()

	files := certFiles
	if f := os.Getenv(certFileEnv); f != "" {
	files = []string{f}
	}

	var firstErr error
	for _, file := range files {
	data, err := ioutil.ReadFile(file)
	if err == nil {
	roots.AppendCertsFromPEM(data)
	break
	}
	if firstErr == nil && !os.IsNotExist(err) {
	firstErr = err
	}
	}

	dirs := certDirectories
	if d := os.Getenv(certDirEnv); d != "" {
	dirs = []string{d}
	}

	for _, directory := range dirs {
	fis, err := ioutil.ReadDir(directory)
	if err != nil {
	if firstErr == nil && !os.IsNotExist(err) {
	firstErr = err
	}
	continue
	}
	rootsAdded := false
	for _, fi := range fis {
	data, err := ioutil.ReadFile(directory + "/" + fi.Name())
	if err == nil && roots.AppendCertsFromPEM(data) {
	rootsAdded = true
	}
	}
	if rootsAdded {
	return roots, nil
	}
	}

	if len(roots.certs) > 0 \|\| firstErr == nil {
	return roots, nil
	}

	return nil, firstErr
	}