crypto/tls: fetch root CA from Windows store

R=rsc
CC=golang-dev
https://golang.org/cl/5281044

Makefile

@@ -28,7 +28,7 @@ GOFILES_freebsd+=root_unix.go
 GOFILES_linux+=root_unix.go
 GOFILES_openbsd+=root_unix.go
 GOFILES_plan9+=root_stub.go
-GOFILES_windows+=root_stub.go
+GOFILES_windows+=root_windows.go
 
 GOFILES+=$(GOFILES_$(GOOS))
 ifneq ($(CGOFILES_$(GOOS)),)

root_windows.go

@@ -0,0 +1,55 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"crypto/x509"
+	"reflect"
+	"syscall"
+	"unsafe"
+)
+
+func loadStore(roots *x509.CertPool, name string) {
+	store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
+	if errno != 0 {
+		return
+	}
+
+	var prev *syscall.CertContext
+	for {
+		cur := syscall.CertEnumCertificatesInStore(store, prev)
+		if cur == nil {
+			break
+		}
+
+		var buf []byte
+		hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
+		hdrp.Data = cur.EncodedCert
+		hdrp.Len = int(cur.Length)
+		hdrp.Cap = int(cur.Length)
+
+		cert, err := x509.ParseCertificate(buf)
+		if err != nil {
+			continue
+		}
+
+		roots.AddCert(cert)
+		prev = cur
+	}
+
+	syscall.CertCloseStore(store, 0)
+}
+
+func initDefaultRoots() {
+	roots := x509.NewCertPool()
+
+	// Roots
+	loadStore(roots, "ROOT")
+
+	// Intermediates
+	loadStore(roots, "CA")
+
+	varDefaultRoots = roots
+}