crypto/x509: fix comments on certDirectories
CL 205237 allowed SSL_CERT_DIR to be a colon delimited list of
directories. In the case that SSL_CERT_DIR is unset, the change
also made certDirectories to all be loaded rather than stopping
after successfully reading at least one file from a directory.
This update fixes code comments on the certDirectories package
level variables to reflect current behavior.
Fixes #48808
Change-Id: Id92f875545272fc6205d9955d03ea7bf844f15eb
Reviewed-on: https://go-review.googlesource.com/c/go/+/354140
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Katie Hockman <katie@golang.org>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>
diff --git a/src/crypto/x509/root_aix.go b/src/crypto/x509/root_aix.go
index 4d50a13..99b7463 100644
--- a/src/crypto/x509/root_aix.go
+++ b/src/crypto/x509/root_aix.go
@@ -9,8 +9,7 @@
"/var/ssl/certs/ca-bundle.crt",
}
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
var certDirectories = []string{
"/var/ssl/certs",
}
diff --git a/src/crypto/x509/root_bsd.go b/src/crypto/x509/root_bsd.go
index 8ac205f..a76aef8 100644
--- a/src/crypto/x509/root_bsd.go
+++ b/src/crypto/x509/root_bsd.go
@@ -14,8 +14,7 @@
"/etc/openssl/certs/ca-certificates.crt", // NetBSD
}
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
var certDirectories = []string{
"/etc/ssl/certs", // FreeBSD 12.2+
"/usr/local/share/certs", // FreeBSD
diff --git a/src/crypto/x509/root_js.go b/src/crypto/x509/root_js.go
index 9593038..7b3f1e4 100644
--- a/src/crypto/x509/root_js.go
+++ b/src/crypto/x509/root_js.go
@@ -9,6 +9,5 @@
// Possible certificate files; stop after finding one.
var certFiles = []string{}
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
var certDirectories = []string{}
diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index ad6ce5c..e32989b 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -14,8 +14,7 @@
"/etc/ssl/cert.pem", // Alpine Linux
}
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
var certDirectories = []string{
"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
"/etc/pki/tls/certs", // Fedora/RHEL
diff --git a/src/crypto/x509/root_solaris.go b/src/crypto/x509/root_solaris.go
index 97c1913..617f269 100644
--- a/src/crypto/x509/root_solaris.go
+++ b/src/crypto/x509/root_solaris.go
@@ -11,8 +11,7 @@
"/etc/ssl/cacert.pem", // OmniOS
}
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
+// Possible directories with certificate files; all will be read.
var certDirectories = []string{
"/etc/certs/CA",
}