// Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // +build dragonfly freebsd linux nacl netbsd openbsd solaris package x509 import "io/ioutil" // Possible certificate files; stop after finding one. var certFiles = []string{ "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL "/etc/ssl/ca-bundle.pem", // OpenSUSE "/etc/ssl/cert.pem", // OpenBSD "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly "/etc/pki/tls/cacert.pem", // OpenELEC "/etc/certs/ca-certificates.crt", // Solaris 11.2+ } // Possible directories with certificate files; stop after successfully // reading at least one file from a directory. var certDirectories = []string{ "/system/etc/security/cacerts", // Android } func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { return nil, nil } func initSystemRoots() { roots := NewCertPool() for _, file := range certFiles { data, err := ioutil.ReadFile(file) if err == nil { roots.AppendCertsFromPEM(data) systemRoots = roots return } } for _, directory := range certDirectories { fis, err := ioutil.ReadDir(directory) if err != nil { continue } rootsAdded := false for _, fi := range fis { data, err := ioutil.ReadFile(directory + "/" + fi.Name()) if err == nil && roots.AppendCertsFromPEM(data) { rootsAdded = true } } if rootsAdded { systemRoots = roots return } } // All of the files failed to load. systemRoots will be nil which will // trigger a specific error at verification time. }