...
Source file
src/crypto/x509/root_unix.go
8 package x509
9
10 import (
11 "io/fs"
12 "os"
13 "path/filepath"
14 "strings"
15 )
16
// Environment variables that replace the built-in trust-store locations.
// Both are read with os.Getenv in loadSystemRoots, so whoever controls the
// process environment decides which files are parsed as root certificates.
const (
	// certFileEnv names the variable holding the path of a single PEM bundle.
	// A non-empty value replaces the default list of bundle files.
	certFileEnv = "SSL_CERT_FILE"

	// certDirEnv names the variable holding a colon-separated list of
	// directories to scan for certificate files. A non-empty value replaces
	// the default directory list.
	certDirEnv = "SSL_CERT_DIR"
)
28
// systemVerify performs no platform-specific chain verification in this file:
// it ignores opts and always reports no chains and no error.
//
// NOTE(review): presumably callers treat (nil, nil) as "no system verifier"
// and verify against the pool from loadSystemRoots instead; confirm at the
// call site.
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
	return nil, nil
}
32
// loadSystemRoots builds the root certificate pool from one bundle file and
// from every certificate directory.
//
// Bundle files are tried in order and the first one that can be read is used;
// directories are all scanned. SSL_CERT_FILE and SSL_CERT_DIR, when non-empty,
// replace (not extend) the built-in certFiles and certDirectories lists.
//
// Trust-relevant behaviour worth knowing when auditing a deployment:
//   - The environment fully determines the trust anchors when either variable
//     is set, and this function does not check ownership or permissions of
//     the files it reads.
//   - The result of AppendCertsFromPEM is not inspected. A readable bundle
//     that contains no parsable certificate still ends the bundle search.
//   - Read errors on individual files inside a directory are dropped.
//   - A nil error does not imply that any root was loaded: if nothing was
//     found and every failure was "does not exist", an empty pool is returned
//     with a nil error.
//
// Only the first error that is not a "does not exist" error is kept, and it is
// returned only when the pool ended up empty.
func loadSystemRoots() (*CertPool, error) {
	pool := NewCertPool()

	var firstErr error
	// remember keeps the first failure other than a missing path.
	remember := func(err error) {
		if firstErr == nil && !os.IsNotExist(err) {
			firstErr = err
		}
	}

	bundlePaths := certFiles
	if override := os.Getenv(certFileEnv); override != "" {
		bundlePaths = []string{override}
	}

	for _, bundle := range bundlePaths {
		pemBytes, err := os.ReadFile(bundle)
		if err != nil {
			remember(err)
			continue
		}
		pool.AppendCertsFromPEM(pemBytes)
		// First readable bundle wins; later candidates are never opened.
		break
	}

	searchDirs := certDirectories
	if override := os.Getenv(certDirEnv); override != "" {
		// Colon-separated list, the separator OpenSSL uses for SSL_CERT_DIR.
		searchDirs = strings.Split(override, ":")
	}

	for _, dir := range searchDirs {
		entries, err := readUniqueDirectoryEntries(dir)
		if err != nil {
			remember(err)
			continue
		}
		for _, entry := range entries {
			// Best effort: unreadable entries are skipped without recording an error.
			if pemBytes, err := os.ReadFile(dir + "/" + entry.Name()); err == nil {
				pool.AppendCertsFromPEM(pemBytes)
			}
		}
	}

	usable := pool.len() > 0 || firstErr == nil
	if !usable {
		return nil, firstErr
	}
	return pool, nil
}
84
85
86
// readUniqueDirectoryEntries lists dir like os.ReadDir but leaves out every
// entry for which isSameDirSymlink reports true, i.e. symlinks whose target
// contains no slash. The caller then reads each remaining entry once instead
// of reading the same file again through such an alias.
//
// Any error from os.ReadDir is returned unchanged with a nil slice.
func readUniqueDirectoryEntries(dir string) ([]fs.DirEntry, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}

	// Filter in place: kept shares the backing array of entries.
	kept := entries[:0]
	for _, entry := range entries {
		if isSameDirSymlink(entry, dir) {
			continue
		}
		kept = append(kept, entry)
	}
	return kept, nil
}
100
101
102
// isSameDirSymlink reports whether entry f of dir is a symlink whose target
// string contains no "/". Only the link text is inspected; the target is not
// resolved or opened. A failing Readlink yields false.
func isSameDirSymlink(f fs.DirEntry, dir string) bool {
	isLink := f.Type()&fs.ModeSymlink != 0
	if !isLink {
		return false
	}

	target, err := os.Readlink(filepath.Join(dir, f.Name()))
	if err != nil {
		return false
	}
	return !strings.Contains(target, "/")
}
110