crypto/x509: split certFiles definition by GOOS

This CL splits the (ever growing) list of ca cert locations by major unix platforms (darwin, windows and plan9 are already handled seperately). Although it is clear the unix variants cannot manage to agree on some standard locations, we can avoid to some extent an artificial ranking of priority amongst the supported GOOSs. * Split certFiles definition by GOOS * Include NetBSD ca cert location Fixes #9285 Change-Id: I6df2a3fddf3866e71033e01fce43c31e51b48a9e Reviewed-on: https://go-review.googlesource.com/2208 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
2024-09-23 23:20:14 -06:00 · 2015-01-05 13:14:04 +11:00 · 2015-01-05 13:14:04 +11:00 · 682922908f
commit 682922908f
parent 0b52392ef7
4 changed files with 37 additions and 12 deletions
--- a/src/crypto/x509/root_bsd.go
+++ b/src/crypto/x509/root_bsd.go
@ -0,0 +1,14 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build dragonfly freebsd netbsd openbsd
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+	"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
+	"/etc/ssl/cert.pem",                      // OpenBSD
+	"/etc/openssl/certs/ca-certificates.crt", // NetBSD
+}
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@ -0,0 +1,13 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+	"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
+	"/etc/pki/tls/certs/ca-bundle.crt",   // Fedora/RHEL
+	"/etc/ssl/ca-bundle.pem",             // OpenSUSE
+	"/etc/pki/tls/cacert.pem",            // OpenELEC
+}
--- a/src/crypto/x509/root_solaris.go
+++ b/src/crypto/x509/root_solaris.go
@ -0,0 +1,10 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+	"/etc/certs/ca-certificates.crt", // Solaris 11.2+
+}
--- a/src/crypto/x509/root_unix.go
+++ b/src/crypto/x509/root_unix.go
@ -8,22 +8,10 @@ package x509

 import "io/ioutil"

-// Possible certificate files; stop after finding one.
-var certFiles = []string{
-	"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
-	"/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
-	"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
-	"/etc/ssl/cert.pem",                      // OpenBSD
-	"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
-	"/etc/pki/tls/cacert.pem",                // OpenELEC
-	"/etc/certs/ca-certificates.crt",         // Solaris 11.2+
-}
-
 // Possible directories with certificate files; stop after successfully
 // reading at least one file from a directory.
 var certDirectories = []string{
 	"/system/etc/security/cacerts", // Android
-
 }

 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {