Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge: + DNS, Web: Entware: use special directory with the system roo…
…t certificates Close #1311 * commit '0e030154ee4f73d0c1a8e9d092b12be78b0a0ea5': - fix tests + DNS, Web: Entware: use special directory with the system root certificates
- Loading branch information
Showing
6 changed files
with
69 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
package util | ||
|
||
import ( | ||
"crypto/x509" | ||
"io/ioutil" | ||
"os" | ||
"runtime" | ||
|
||
"github.com/AdguardTeam/golibs/log" | ||
) | ||
|
||
// LoadSystemRootCAs - load root CAs from the system | ||
// Return the x509 certificate pool object | ||
// Return nil if nothing has been found. | ||
// This means that Go.crypto will use its default algorithm to find system root CA list. | ||
// https://github.com/AdguardTeam/AdGuardHome/issues/1311 | ||
func LoadSystemRootCAs() *x509.CertPool { | ||
if runtime.GOOS != "linux" { | ||
return nil | ||
} | ||
|
||
// Directories with the system root certificates, that aren't supported by Go.crypto | ||
dirs := []string{ | ||
"/opt/etc/ssl/certs", // Entware | ||
} | ||
roots := x509.NewCertPool() | ||
for _, dir := range dirs { | ||
fis, err := ioutil.ReadDir(dir) | ||
if err != nil { | ||
if !os.IsNotExist(err) { | ||
log.Error("Opening directory: %s: %s", dir, err) | ||
} | ||
continue | ||
} | ||
rootsAdded := false | ||
for _, fi := range fis { | ||
data, err := ioutil.ReadFile(dir + "/" + fi.Name()) | ||
if err == nil && roots.AppendCertsFromPEM(data) { | ||
rootsAdded = true | ||
} | ||
} | ||
if rootsAdded { | ||
return roots | ||
} | ||
} | ||
return nil | ||
} |
5f328d2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, guys! @Entware team really appriciate that!