// loadSystemRoots builds a CertPool from the Windows "ROOT" system store.
//
// Every certificate in the store is copied out of the CryptoAPI-owned buffer
// and parsed; a certificate that fails to parse is skipped rather than
// aborting the load, so the returned pool is best-effort. Enumeration ends
// normally when CertEnumCertificatesInStore reports CRYPT_E_NOT_FOUND (or a
// nil context); any other enumeration error is returned to the caller and no
// pool is returned.
func loadSystemRoots() (*CertPool, error) {
	// HRESULT reported by CertEnumCertificatesInStore once every certificate
	// in the store has been visited.
	const CRYPT_E_NOT_FOUND = 0x80092004

	store, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT"))
	if err != nil {
		return nil, err
	}
	defer syscall.CertCloseStore(store, 0)

	pool := NewCertPool()
	var ctx *syscall.CertContext
	for {
		ctx, err = syscall.CertEnumCertificatesInStore(store, ctx)
		if err != nil {
			if errno, ok := err.(syscall.Errno); ok && errno == CRYPT_E_NOT_FOUND {
				break // end of store, not a failure
			}
			return nil, err
		}
		if ctx == nil {
			break
		}
		// ctx.EncodedCert points into memory owned by CryptoAPI (presumably
		// valid only while the store is open). ParseCertificate does not
		// create its own copy of its input, so copy the DER into Go-owned
		// memory first. The fixed-size array cast is only a view: copy is
		// bounded by len(der), so at most ctx.Length bytes (capped at 1<<20)
		// are read through it.
		view := (*[1 << 20]byte)(unsafe.Pointer(ctx.EncodedCert))[:]
		der := make([]byte, ctx.Length)
		copy(der, view)
		if c, perr := ParseCertificate(der); perr == nil {
			pool.AddCert(c)
		}
	}
	return pool, nil
}
// loadStore appends every parseable certificate from the named Windows system
// store (for example "ROOT") to roots.
//
// It is best-effort by design: a store that cannot be opened contributes
// nothing, and an individual certificate that fails to parse is skipped
// silently. The store handle is closed before returning.
func loadStore(roots *x509.CertPool, name string) {
	store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
	if errno != 0 {
		return
	}
	defer syscall.CertCloseStore(store, 0)

	var ctx *syscall.CertContext
	for {
		ctx = syscall.CertEnumCertificatesInStore(store, ctx)
		if ctx == nil {
			break // end of store
		}

		// Overlay a []byte header on the CryptoAPI-owned encoding without
		// copying, bounded exactly by ctx.Length.
		var view []byte
		hdr := (*reflect.SliceHeader)(unsafe.Pointer(&view))
		hdr.Data = ctx.EncodedCert
		hdr.Len = int(ctx.Length)
		hdr.Cap = int(ctx.Length)

		// x509.ParseCertificate may retain references into its input, and
		// the CryptoAPI buffer is presumably only valid while the store is
		// open, so hand it Go-owned memory.
		der := make([]byte, len(view))
		copy(der, view)
		if c, err := x509.ParseCertificate(der); err == nil {
			roots.AddCert(c)
		}
	}
}
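// loadStore appends every parseable certificate from the named Windows system
// store to roots.
//
// It is best-effort by design: if the store cannot be opened nothing is added,
// an enumeration error ends the load with whatever has been collected so far,
// and an individual certificate that fails to parse is skipped. The store
// handle is closed on every return path.
func loadStore(roots *x509.CertPool, name string) {
	store, err := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
	if err != nil {
		return
	}
	defer syscall.CertCloseStore(store, 0)

	var cert *syscall.CertContext
	for {
		cert, err = syscall.CertEnumCertificatesInStore(store, cert)
		// CertEnumCertificatesInStore reports the end of the store as an
		// error (CRYPT_E_NOT_FOUND). This return also swallows genuine
		// enumeration failures, leaving roots partially populated; callers
		// cannot distinguish the two from the signature.
		if err != nil {
			return
		}
		// Guard against a nil context returned without an error, which would
		// otherwise be dereferenced below.
		if cert == nil {
			return
		}
		// cert.EncodedCert points into CryptoAPI-owned memory. The array cast
		// is only a view and copy is bounded by len(der), so at most
		// cert.Length bytes (capped at 1<<20) are read through it.
		// ParseCertificate requires its own copy of certificate data to keep.
		view := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
		der := make([]byte, cert.Length)
		copy(der, view)
		if c, perr := x509.ParseCertificate(der); perr == nil {
			roots.AddCert(c)
		}
	}
}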