mirror of
https://github.com/golang/go
synced 2024-11-21 22:24:40 -07:00
crypto/tls: cleanup certificate load on windows
- correct syscall.CertEnumCertificatesInStore so it returns error - remove "reflect" dependency R=hectorchu, agl, rsc CC=golang-dev, krautz https://golang.org/cl/5441052
This commit is contained in:
parent
bac7bc55a6
commit
d5f37122d2
@ -6,7 +6,6 @@ package tls
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"reflect"
|
||||
"syscall"
|
||||
"unsafe"
|
||||
)
|
||||
@ -16,29 +15,23 @@ func loadStore(roots *x509.CertPool, name string) {
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
defer syscall.CertCloseStore(store, 0)
|
||||
|
||||
var cert *syscall.CertContext
|
||||
for {
|
||||
cert = syscall.CertEnumCertificatesInStore(store, cert)
|
||||
if cert == nil {
|
||||
break
|
||||
cert, err = syscall.CertEnumCertificatesInStore(store, cert)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
var asn1Slice []byte
|
||||
hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&asn1Slice))
|
||||
hdrp.Data = cert.EncodedCert
|
||||
hdrp.Len = int(cert.Length)
|
||||
hdrp.Cap = int(cert.Length)
|
||||
|
||||
buf := make([]byte, len(asn1Slice))
|
||||
copy(buf, asn1Slice)
|
||||
|
||||
if cert, err := x509.ParseCertificate(buf); err == nil {
|
||||
roots.AddCert(cert)
|
||||
buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
|
||||
// ParseCertificate requires its own copy of certificate data to keep.
|
||||
buf2 := make([]byte, cert.Length)
|
||||
copy(buf2, buf)
|
||||
if c, err := x509.ParseCertificate(buf2); err == nil {
|
||||
roots.AddCert(c)
|
||||
}
|
||||
}
|
||||
|
||||
syscall.CertCloseStore(store, 0)
|
||||
}
|
||||
|
||||
func initDefaultRoots() {
|
||||
|
@ -152,7 +152,7 @@ func NewCallback(fn interface{}) uintptr
|
||||
//sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile
|
||||
//sys ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW
|
||||
//sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW
|
||||
//sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) = crypt32.CertEnumCertificatesInStore
|
||||
//sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore
|
||||
//sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore
|
||||
//sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno uintptr) = advapi32.RegOpenKeyExW
|
||||
//sys RegCloseKey(key Handle) (regerrno uintptr) = advapi32.RegCloseKey
|
||||
|
@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
|
||||
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
|
||||
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
|
||||
r0, _, e1 := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
|
||||
context = (*CertContext)(unsafe.Pointer(r0))
|
||||
if context == nil {
|
||||
if e1 != 0 {
|
||||
err = error(e1)
|
||||
} else {
|
||||
err = EINVAL
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
|
||||
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
|
||||
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
|
||||
r0, _, e1 := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
|
||||
context = (*CertContext)(unsafe.Pointer(r0))
|
||||
if context == nil {
|
||||
if e1 != 0 {
|
||||
err = error(e1)
|
||||
} else {
|
||||
err = EINVAL
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -659,7 +659,7 @@ type MibIfRow struct {
|
||||
|
||||
type CertContext struct {
|
||||
EncodingType uint32
|
||||
EncodedCert uintptr
|
||||
EncodedCert *byte
|
||||
Length uint32
|
||||
CertInfo uintptr
|
||||
Store Handle
|
||||
|
Loading…
Reference in New Issue
Block a user