mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
3bab226299
Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821 (https://go-review.googlesource.com/c/go/+/229762, "crypto/x509: add x509omitbundledroots build tag to not embed roots") With 975c01342a25899962969833d8b2873dc8856a4f (https://go-review.googlesource.com/c/go/+/220721) removed, because it depends on other stuff in Go std that doesn't yet exist in a Go release. Also, add a subset fork of Go's internal/testenv, for use by x509's tests.
41 lines
844 B
Go
41 lines
844 B
Go
// Copyright 2012 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// +build plan9
|
|
|
|
package x509
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"os"
|
|
)
|
|
|
|
// Possible certificate files; stop after finding one.
|
|
var certFiles = []string{
|
|
"/sys/lib/tls/ca.pem",
|
|
}
|
|
|
|
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
|
|
return nil, nil
|
|
}
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
roots := NewCertPool()
|
|
var bestErr error
|
|
for _, file := range certFiles {
|
|
data, err := ioutil.ReadFile(file)
|
|
if err == nil {
|
|
roots.AppendCertsFromPEM(data)
|
|
return roots, nil
|
|
}
|
|
if bestErr == nil || (os.IsNotExist(bestErr) && !os.IsNotExist(err)) {
|
|
bestErr = err
|
|
}
|
|
}
|
|
if bestErr == nil {
|
|
return roots, nil
|
|
}
|
|
return nil, bestErr
|
|
}
|