crypto/x509: define certDirectories per GOOS

Split the list of CA certificate directory locations in root_unix.go by
GOOS (aix, *bsd, js, linux, solaris).

On solaris, also include /etc/certs/CA as documented here:
https://docs.oracle.com/cd/E37838_01/html/E61024/kmf-cacerts.html

Same as CL 2208 did for certFiles.

Change-Id: Id24822d6a674bbbbf4088ebb8fe8437edad232b7
Reviewed-on: https://go-review.googlesource.com/c/go/+/248762
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

src/crypto/x509/root_aix.go

@@ -8,3 +8,9 @@ package x509
 var certFiles = []string{
 	"/var/ssl/certs/ca-bundle.crt",
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/var/ssl/certs",
+}

src/crypto/x509/root_bsd.go

@@ -13,3 +13,10 @@ var certFiles = []string{
 	"/usr/local/share/certs/ca-root-nss.crt", // DragonFly
 	"/etc/openssl/certs/ca-certificates.crt", // NetBSD
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/usr/local/share/certs", // FreeBSD
+	"/etc/openssl/certs",     // NetBSD
+}

src/crypto/x509/root_js.go

@@ -8,3 +8,7 @@ package x509
 
 // Possible certificate files; stop after finding one.
 var certFiles = []string{}
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{}

src/crypto/x509/root_linux.go

@@ -13,3 +13,11 @@ var certFiles = []string{
 	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
 	"/etc/ssl/cert.pem",                                 // Alpine Linux
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
+	"/etc/pki/tls/certs",           // Fedora/RHEL
+	"/system/etc/security/cacerts", // Android
+}

src/crypto/x509/root_solaris.go

@@ -10,3 +10,9 @@ var certFiles = []string{
 	"/etc/ssl/certs/ca-certificates.crt", // Joyent SmartOS
 	"/etc/ssl/cacert.pem",                // OmniOS
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/etc/certs/CA",
+}

src/crypto/x509/root_unix.go

@@ -13,17 +13,6 @@ import (
 	"strings"
 )
 
-// Possible directories with certificate files; stop after successfully
-// reading at least one file from a directory.
-var certDirectories = []string{
-	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
-	"/system/etc/security/cacerts", // Android
-	"/usr/local/share/certs",       // FreeBSD
-	"/etc/pki/tls/certs",           // Fedora/RHEL
-	"/etc/openssl/certs",           // NetBSD
-	"/var/ssl/certs",               // AIX
-}
-
 const (
 	// certFileEnv is the environment variable which identifies where to locate
 	// the SSL certificate file. If set this overrides the system default.