crypto/tls: cleanup certificate load on windows

- correct syscall.CertEnumCertificatesInStore so it returns error - remove "reflect" dependency R=hectorchu, agl, rsc CC=golang-dev, krautz https://golang.org/cl/5441052
2011-12-01 12:38:00 -05:00 · 2011-12-01 12:38:00 -05:00 · ba4d79c54f
commit ba4d79c54f
parent c08ab14bad
1 changed files with 10 additions and 17 deletions
--- a/root_windows.go
+++ b/root_windows.go
@ -6,7 +6,6 @@ package tls

 import (
 	"crypto/x509"
-	"reflect"
 	"syscall"
 	"unsafe"
 )
@ -16,29 +15,23 @@ func loadStore(roots *x509.CertPool, name string) {
 	if err != nil {
 		return
 	}
+	defer syscall.CertCloseStore(store, 0)

 	var cert *syscall.CertContext
 	for {
-		cert = syscall.CertEnumCertificatesInStore(store, cert)
-		if cert == nil {
-			break
+		cert, err = syscall.CertEnumCertificatesInStore(store, cert)
+		if err != nil {
+			return
 		}

-		var asn1Slice []byte
-		hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&asn1Slice))
-		hdrp.Data = cert.EncodedCert
-		hdrp.Len = int(cert.Length)
-		hdrp.Cap = int(cert.Length)
-
-		buf := make([]byte, len(asn1Slice))
-		copy(buf, asn1Slice)
-
-		if cert, err := x509.ParseCertificate(buf); err == nil {
-			roots.AddCert(cert)
+		buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
+		// ParseCertificate requires its own copy of certificate data to keep.
+		buf2 := make([]byte, cert.Length)
+		copy(buf2, buf)
+		if c, err := x509.ParseCertificate(buf2); err == nil {
+			roots.AddCert(c)
 		}
 	}
-
-	syscall.CertCloseStore(store, 0)
 }

 func initDefaultRoots() {