2017-02-23 22:06:47 +01:00
|
|
|
diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
|
|
|
|
index a4b33c7..9700b75 100644
|
|
|
|
--- a/src/crypto/x509/root_cgo_darwin.go
|
|
|
|
+++ b/src/crypto/x509/root_cgo_darwin.go
|
|
|
|
@@ -151,11 +151,20 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
|
|
|
|
import "C"
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
+ "io/ioutil"
|
|
|
|
+ "os"
|
|
|
|
"unsafe"
|
|
|
|
)
|
|
|
|
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
|
|
roots := NewCertPool()
|
2017-03-18 19:38:43 +01:00
|
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
2017-02-23 22:06:47 +01:00
|
|
|
+ data, err := ioutil.ReadFile(file)
|
|
|
|
+ if err == nil {
|
|
|
|
+ roots.AppendCertsFromPEM(data)
|
|
|
|
+ return roots, nil
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
|
|
|
|
var data C.CFDataRef = nil
|
|
|
|
err := C.FetchPEMRoots(&data)
|
|
|
|
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
|
|
|
|
index 66cdb5e..bb28036 100644
|
|
|
|
--- a/src/crypto/x509/root_darwin.go
|
|
|
|
+++ b/src/crypto/x509/root_darwin.go
|
|
|
|
@@ -61,17 +61,25 @@ func execSecurityRoots() (*CertPool, error) {
|
|
|
|
println(fmt.Sprintf("crypto/x509: %d certs have a trust policy", len(hasPolicy)))
|
|
|
|
}
|
|
|
|
|
|
|
|
- cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
|
|
|
|
- data, err := cmd.Output()
|
|
|
|
- if err != nil {
|
|
|
|
- return nil, err
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
var (
|
|
|
|
mu sync.Mutex
|
|
|
|
roots = NewCertPool()
|
|
|
|
numVerified int // number of execs of 'security verify-cert', for debug stats
|
|
|
|
)
|
|
|
|
|
2017-03-18 19:38:43 +01:00
|
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
2017-02-23 22:06:47 +01:00
|
|
|
+ data, err := ioutil.ReadFile(file)
|
|
|
|
+ if err == nil {
|
|
|
|
+ roots.AppendCertsFromPEM(data)
|
|
|
|
+ return roots, nil
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
|
|
|
|
+ data, err := cmd.Output()
|
|
|
|
+ if err != nil {
|
|
|
|
+ return nil, err
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
blockCh := make(chan *pem.Block)
|
|
|
|
var wg sync.WaitGroup
|
|
|
|
diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
|
|
|
|
index 7bcb3d6..3986e1a 100644
|
|
|
|
--- a/src/crypto/x509/root_unix.go
|
|
|
|
+++ b/src/crypto/x509/root_unix.go
|
|
|
|
@@ -24,6 +24,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
|
|
|
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
|
|
roots := NewCertPool()
|
2017-03-18 19:38:43 +01:00
|
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
2017-02-23 22:06:47 +01:00
|
|
|
+ data, err := ioutil.ReadFile(file)
|
|
|
|
+ if err == nil {
|
|
|
|
+ roots.AppendCertsFromPEM(data)
|
|
|
|
+ return roots, nil
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
var firstErr error
|
|
|
|
for _, file := range certFiles {
|
|
|
|
data, err := ioutil.ReadFile(file)
|