kris
/
tls-tris
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
124 コミット
4 ブランチ
2.5 MiB
 
 
 
 
 
 
ツリー: 96f8cd5397
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'96f8cd5397' から
${ noResults }
tls-tris/root_darwin.go

96 行
2.8 KiB
Raw Blame 履歴 

  1. // Copyright 2011 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. /*

  8. // Note: We disable -Werror here because the code in this file uses a deprecated API to stay

  9. // compatible with both Mac OS X 10.6 and 10.7. Using a deprecated function on Darwin generates

  10. // a warning.

  11. #cgo CFLAGS: -Wno-error -Wno-deprecated-declarations

  12. #cgo LDFLAGS: -framework CoreFoundation -framework Security

  13. #include <CoreFoundation/CoreFoundation.h>

  14. #include <Security/Security.h>

  15. 

  16. // FetchPEMRoots fetches the system's list of trusted X.509 root certificates.

  17. //

  18. // On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root

  19. // certificates of the system. On failure, the function returns -1.

  20. //

  21. // Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after

  22. // we've consumed its content.

  23. int FetchPEMRoots(CFDataRef *pemRoots) {

  24. 	if (pemRoots == NULL) {

  25. 		return -1;

  26. 	}

  27. 

  28. 	CFArrayRef certs = NULL;

  29. 	OSStatus err = SecTrustCopyAnchorCertificates(&certs);

  30. 	if (err != noErr) {

  31. 		return -1;

  32. 	}

  33. 

  34. 	CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);

  35. 	int i, ncerts = CFArrayGetCount(certs);

  36. 	for (i = 0; i < ncerts; i++) {

  37. 		CFDataRef data = NULL;

  38. 		SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);

  39. 		if (cert == NULL) {

  40. 			continue;

  41. 		}

  42. 

  43. 		// SecKeychainImportExport is deprecated in >= OS X 10.7, and has been replaced by

  44. 		// SecItemExport.  If we're built on a host with a Lion SDK, this code gets conditionally

  45. 		// included in the output, also for binaries meant for 10.6.

  46. 		//

  47. 		// To make sure that we run on both Mac OS X 10.6 and 10.7 we use weak linking

  48. 		// and check whether SecItemExport is available before we attempt to call it. On

  49. 		// 10.6, this won't be the case, and we'll fall back to calling SecKeychainItemExport.

  50. #if __MAC_OS_X_VERSION_MAX_ALLOWED >= 1070

  51. 		if (SecItemExport) {

  52. 			err = SecItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);

  53. 			if (err != noErr) {

  54. 				continue;

  55. 			}

  56. 		} else

  57. #endif

  58. 		if (data == NULL) {

  59. 			err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);

  60. 			if (err != noErr) {

  61. 				continue;

  62. 			}

  63. 		}

  64. 

  65. 		if (data != NULL) {

  66. 			CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));

  67. 			CFRelease(data);

  68. 		}

  69. 	}

  70. 

  71. 	CFRelease(certs);

  72. 

  73. 	*pemRoots = combinedData;

  74. 	return 0;

  75. }

  76. */

  77. import "C"

  78. import (

  79. 	"crypto/x509"

  80. 	"unsafe"

  81. )

  82. 

  83. func initDefaultRoots() {

  84. 	roots := x509.NewCertPool()

  85. 

  86. 	var data C.CFDataRef = nil

  87. 	err := C.FetchPEMRoots(&data)

  88. 	if err != -1 {

  89. 		defer C.CFRelease(C.CFTypeRef(data))

  90. 		buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))

  91. 		roots.AppendCertsFromPEM(buf)

  92. 	}

  93. 

  94. 	varDefaultRoots = roots

  95. }