// Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package tls import ( "crypto/x509" "reflect" "syscall" "unsafe" ) func loadStore(roots *x509.CertPool, name string) { store, err := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name)) if err != nil { return } var cert *syscall.CertContext for { cert = syscall.CertEnumCertificatesInStore(store, cert) if cert == nil { break } var asn1Slice []byte hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&asn1Slice)) hdrp.Data = cert.EncodedCert hdrp.Len = int(cert.Length) hdrp.Cap = int(cert.Length) buf := make([]byte, len(asn1Slice)) copy(buf, asn1Slice) if cert, err := x509.ParseCertificate(buf); err == nil { roots.AddCert(cert) } } syscall.CertCloseStore(store, 0) } func initDefaultRoots() { roots := x509.NewCertPool() // Roots loadStore(roots, "ROOT") // Intermediates loadStore(roots, "CA") varDefaultRoots = roots }