// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
"crypto/x509"
"syscall"
"unsafe"
)
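// loadStore opens the Windows system certificate store called name and adds
// every certificate in it that x509.ParseCertificate accepts to roots.
//
// Loading is best-effort: a store that cannot be opened and a certificate
// that cannot be parsed are skipped without any error being reported, so the
// caller cannot tell an empty store from a failed load.
func loadStore(roots *x509.CertPool, name string) {
	// Upper bound on the encoded size of one certificate; it is also the size
	// of the array type used below to view the OS-owned buffer.
	const maxCertLen = 1 << 20

	store, err := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
	if err != nil {
		return
	}
	defer syscall.CertCloseStore(store, 0)

	var cert *syscall.CertContext
	for {
		// The previous context is handed back in to continue the enumeration.
		// The loop has no other exit: it ends on the first error, which is
		// presumably how the end of the store is signalled.
		cert, err = syscall.CertEnumCertificatesInStore(store, cert)
		if err != nil || cert == nil {
			// A nil context with a nil error would otherwise be dereferenced.
			return
		}

		// Validate the OS-supplied pointer and length before building a slice
		// over foreign memory: a nil pointer would panic when sliced, and a
		// length above the array bound cannot be viewed through it (the
		// original copied only the first 1<<20 bytes of such an entry).
		if cert.EncodedCert == nil || cert.Length == 0 || cert.Length > maxCertLen {
			continue
		}
		der := (*[maxCertLen]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length]

		// ParseCertificate requires its own copy of certificate data to keep;
		// der points into memory owned by the certificate store.
		own := make([]byte, cert.Length)
		copy(own, der)
		if c, err := x509.ParseCertificate(own); err == nil {
			roots.AddCert(c)
		}
	}
}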
// initDefaultRoots builds one certificate pool from the Windows "ROOT" and
// "CA" system stores and publishes it as varDefaultRoots.
//
// NOTE(review): both stores end up in the same pool. If varDefaultRoots is
// used as the set of trust anchors during verification, every certificate in
// the "CA" (intermediates) store is then trusted as a root rather than only
// used for chain building. Confirm against the code that reads
// varDefaultRoots.
//
// loadStore reports no errors, so a store that fails to open simply
// contributes no certificates to the pool.
func initDefaultRoots() {
	pool := x509.NewCertPool()

	// Order is kept from the original: roots first, then intermediates.
	for _, storeName := range []string{"ROOT", "CA"} {
		loadStore(pool, storeName)
	}

	varDefaultRoots = pool
}