mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
3bab226299
Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821 (https://go-review.googlesource.com/c/go/+/229762, "crypto/x509: add x509omitbundledroots build tag to not embed roots") With 975c01342a25899962969833d8b2873dc8856a4f (https://go-review.googlesource.com/c/go/+/220721) removed, because it depends on other stuff in Go std that doesn't yet exist in a Go release. Also, add a subset fork of Go's internal/testenv, for use by x509's tests.
22 lines
799 B
Go
22 lines
799 B
Go
// Copyright 2020 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// +build darwin,arm64,x509omitbundledroots
|
|
|
|
// This file provides the loadSystemRoots func when the
|
|
// "x509omitbundledroots" build tag has disabled bundling a copy,
|
|
// which currently on happens on darwin/arm64 (root_darwin_arm64.go).
|
|
// This then saves 256 KiB of binary size and another 560 KiB of
|
|
// runtime memory size retaining the parsed roots forever. Constrained
|
|
// environments can construct minimal x509 root CertPools on the fly
|
|
// in the crypto/tls.Config.VerifyPeerCertificate hook.
|
|
|
|
package x509
|
|
|
|
import "errors"
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
return nil, errors.New("x509: system root bundling disabled")
|
|
}
|