x509: add root certs for android.

On android, root certificates appear to be stored in the folder
/system/etc/security/cacerts, which has many certs in several
different files. This change adds a new array of directories in
which certs can be found.

To test this, I simply tried making a request with the http
library to an HTTPS URL on an android emulator and manually
verified that it worked.

LGTM=crawshaw
R=golang-codereviews, gobot, crawshaw
CC=golang-codereviews
https://codereview.appspot.com/151800043

Committer: David Crawshaw <david.crawshaw@zentus.com>

1 files changed, 25 insertions, 0 deletions

diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
index 11ad3c440..10057c0c0 100644
--- a/src/crypto/x509/root_unix.go
+++ b/src/crypto/x509/root_unix.go
@@ -17,6 +17,13 @@ var certFiles = []string{
 	"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
 }
 
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/system/etc/security/cacerts", // Android
+
+}
+
 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
 	return nil, nil
 }
@@ -32,6 +39,24 @@ func initSystemRoots() {
 		}
 	}
 
+	for _, directory := range certDirectories {
+		fis, err := ioutil.ReadDir(directory)
+		if err != nil {
+			continue
+		}
+		rootsAdded := false
+		for _, fi := range fis {
+			data, err := ioutil.ReadFile(directory + "/" + fi.Name())
+			if err == nil && roots.AppendCertsFromPEM(data) {
+				rootsAdded = true
+			}
+		}
+		if rootsAdded {
+			systemRoots = roots
+			return
+		}
+	}
+
 	// All of the files failed to load. systemRoots will be nil which will
 	// trigger a specific error at verification time.
 }