From b4dff4847461a0f8ae373ac9fad4d270b84c5772 Mon Sep 17 00:00:00 2001 From: Tom Linford Date: Tue, 30 Sep 2014 09:51:49 +1000 Subject: x509: add root certs for android. On android, root certificates appear to be stored in the folder /system/etc/security/cacerts, which has many certs in several different files. This change adds a new array of directories in which certs can be found. To test this, I simply tried making a request with the http library to an HTTPS URL on an android emulator and manually verified that it worked. LGTM=crawshaw R=golang-codereviews, gobot, crawshaw CC=golang-codereviews https://codereview.appspot.com/151800043 Committer: David Crawshaw --- src/crypto/x509/root_unix.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'src/crypto') diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go index 11ad3c440..10057c0c0 100644 --- a/src/crypto/x509/root_unix.go +++ b/src/crypto/x509/root_unix.go @@ -17,6 +17,13 @@ var certFiles = []string{ "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly } +// Possible directories with certificate files; stop after successfully +// reading at least one file from a directory. +var certDirectories = []string{ + "/system/etc/security/cacerts", // Android + +} + func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { return nil, nil } @@ -32,6 +39,24 @@ func initSystemRoots() { } } + for _, directory := range certDirectories { + fis, err := ioutil.ReadDir(directory) + if err != nil { + continue + } + rootsAdded := false + for _, fi := range fis { + data, err := ioutil.ReadFile(directory + "/" + fi.Name()) + if err == nil && roots.AppendCertsFromPEM(data) { + rootsAdded = true + } + } + if rootsAdded { + systemRoots = roots + return + } + } + // All of the files failed to load. systemRoots will be nil which will // trigger a specific error at verification time. } -- cgit v1.2.1