github.com/ccccaoqing/test@v0.0.0-20220510085219-3985d23445c0/src/crypto/x509/root_unix.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // +build dragonfly freebsd linux nacl netbsd openbsd solaris 6 7 package x509 8 9 import "io/ioutil" 10 11 // Possible certificate files; stop after finding one. 12 var certFiles = []string{ 13 "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. 14 "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 15 "/etc/ssl/ca-bundle.pem", // OpenSUSE 16 "/etc/ssl/cert.pem", // OpenBSD 17 "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly 18 "/etc/pki/tls/cacert.pem", // OpenELEC 19 "/etc/certs/ca-certificates.crt", // Solaris 11.2+ 20 } 21 22 // Possible directories with certificate files; stop after successfully 23 // reading at least one file from a directory. 24 var certDirectories = []string{ 25 "/system/etc/security/cacerts", // Android 26 27 } 28 29 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { 30 return nil, nil 31 } 32 33 func initSystemRoots() { 34 roots := NewCertPool() 35 for _, file := range certFiles { 36 data, err := ioutil.ReadFile(file) 37 if err == nil { 38 roots.AppendCertsFromPEM(data) 39 systemRoots = roots 40 return 41 } 42 } 43 44 for _, directory := range certDirectories { 45 fis, err := ioutil.ReadDir(directory) 46 if err != nil { 47 continue 48 } 49 rootsAdded := false 50 for _, fi := range fis { 51 data, err := ioutil.ReadFile(directory + "/" + fi.Name()) 52 if err == nil && roots.AppendCertsFromPEM(data) { 53 rootsAdded = true 54 } 55 } 56 if rootsAdded { 57 systemRoots = roots 58 return 59 } 60 } 61 62 // All of the files failed to load. systemRoots will be nil which will 63 // trigger a specific error at verification time. 64 }