From 4b68d836defd927d1dbfdb32da340c2aea9577f8 Mon Sep 17 00:00:00 2001
From: Mikkel Krautz <mikkel@krautz.dk>
Date: Thu, 13 Oct 2011 22:58:19 -0400
Subject: [PATCH] crypto/tls: fetch root CA from Windows store

R=rsc
CC=golang-dev
https://golang.org/cl/5281044
---
 Makefile        |  2 +-
 root_windows.go | 55 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 root_windows.go

diff --git a/Makefile b/Makefile
index 063c2a2..3914484 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ GOFILES_freebsd+=root_unix.go
 GOFILES_linux+=root_unix.go
 GOFILES_openbsd+=root_unix.go
 GOFILES_plan9+=root_stub.go
-GOFILES_windows+=root_stub.go
+GOFILES_windows+=root_windows.go
 
 GOFILES+=$(GOFILES_$(GOOS))
 ifneq ($(CGOFILES_$(GOOS)),)
diff --git a/root_windows.go b/root_windows.go
new file mode 100644
index 0000000..4b53f49
--- /dev/null
+++ b/root_windows.go
@@ -0,0 +1,55 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"crypto/x509"
+	"reflect"
+	"syscall"
+	"unsafe"
+)
+
+func loadStore(roots *x509.CertPool, name string) {
+	store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
+	if errno != 0 {
+		return
+	}
+
+	var prev *syscall.CertContext
+	for {
+		cur := syscall.CertEnumCertificatesInStore(store, prev)
+		if cur == nil {
+			break
+		}
+
+		var buf []byte
+		hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
+		hdrp.Data = cur.EncodedCert
+		hdrp.Len = int(cur.Length)
+		hdrp.Cap = int(cur.Length)
+
+		cert, err := x509.ParseCertificate(buf)
+		if err != nil {
+			continue
+		}
+
+		roots.AddCert(cert)
+		prev = cur
+	}
+
+	syscall.CertCloseStore(store, 0)
+}
+
+func initDefaultRoots() {
+	roots := x509.NewCertPool()
+
+	// Roots
+	loadStore(roots, "ROOT")
+
+	// Intermediates
+	loadStore(roots, "CA")
+
+	varDefaultRoots = roots
+}