From 6fc094ceaf87659217dd0b2184e0a8749f6e3d39 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Mon, 17 Aug 2020 18:26:00 +0200
Subject: crypto/x509: define certDirectories per GOOS

Split the list of CA certificate directory locations in root_unix.go by
GOOS (aix, *bsd, js, linux, solaris).

On solaris, also include /etc/certs/CA as documented here:
https://docs.oracle.com/cd/E37838_01/html/E61024/kmf-cacerts.html

Same as CL 2208 did for certFiles.

Change-Id: Id24822d6a674bbbbf4088ebb8fe8437edad232b7
Reviewed-on: https://go-review.googlesource.com/c/go/+/248762
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 src/crypto/x509/root_linux.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/crypto/x509/root_linux.go')

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index 267775dc5f..ad6ce5cae7 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -13,3 +13,11 @@ var certFiles = []string{
 	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
 	"/etc/ssl/cert.pem",                                 // Alpine Linux
 }
+
+// Possible directories with certificate files; stop after successfully
+// reading at least one file from a directory.
+var certDirectories = []string{
+	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
+	"/etc/pki/tls/certs",           // Fedora/RHEL
+	"/system/etc/security/cacerts", // Android
+}
-- 
cgit v1.3