x509: add root certs for android.

On android, root certificates appear to be stored in the folder /system/etc/security/cacerts, which has many certs in several different files. This change adds a new array of directories in which certs can be found. To test this, I simply tried making a request with the http library to an HTTPS URL on an android emulator and manually verified that it worked. LGTM=crawshaw R=golang-codereviews, gobot, crawshaw CC=golang-codereviews https://golang.org/cl/151800043
2024-11-12 09:50:21 -07:00 · 2014-09-30 09:51:49 +10:00 · 2014-09-30 09:51:49 +10:00 · 5368e63b57
commit 5368e63b57
parent 3df5780126
1 changed files with 25 additions and 0 deletions
--- a/src/crypto/x509/root_unix.go
+++ b/src/crypto/x509/root_unix.go
@ -17,6 +17,13 @@ var certFiles = []string{
 	"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
 }

+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/system/etc/security/cacerts", // Android
+
+}
+
 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
 	return nil, nil
 }
@ -32,6 +39,24 @@ func initSystemRoots() {
 		}
 	}

+	for _, directory := range certDirectories {
+		fis, err := ioutil.ReadDir(directory)
+		if err != nil {
+			continue
+		}
+		rootsAdded := false
+		for _, fi := range fis {
+			data, err := ioutil.ReadFile(directory + "/" + fi.Name())
+			if err == nil && roots.AppendCertsFromPEM(data) {
+				rootsAdded = true
+			}
+		}
+		if rootsAdded {
+			systemRoots = roots
+			return
+		}
+	}
+
 	// All of the files failed to load. systemRoots will be nil which will
 	// trigger a specific error at verification time.
 }