func loadSystemRoots() (*CertPool, error) { roots := NewCertPool() var data C.CFDataRef = nil var untrustedData C.CFDataRef = nil err := C.FetchPEMRoots(&data, &untrustedData) if err == -1 { // TODO: better error message return nil, errors.New("crypto/x509: failed to load darwin system roots with cgo") } defer C.CFRelease(C.CFTypeRef(data)) buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) roots.AppendCertsFromPEM(buf) if untrustedData == nil { return roots, nil } defer C.CFRelease(C.CFTypeRef(untrustedData)) buf = C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(untrustedData)), C.int(C.CFDataGetLength(untrustedData))) untrustedRoots := NewCertPool() untrustedRoots.AppendCertsFromPEM(buf) trustedRoots := NewCertPool() for _, c := range roots.certs { if !untrustedRoots.contains(c) { trustedRoots.AddCert(c) } } return trustedRoots, nil }
func initDefaultRoots() { roots := x509.NewCertPool() var data C.CFDataRef = nil err := C.FetchPEMRoots(&data) if err != -1 { defer C.CFRelease(C.CFTypeRef(data)) buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) roots.AppendCertsFromPEM(buf) } varDefaultRoots = roots }
func initSystemRoots() { roots := NewCertPool() var data C.CFDataRef = nil err := C.FetchPEMRoots(&data) if err == -1 { return } defer C.CFRelease(C.CFTypeRef(data)) buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) roots.AppendCertsFromPEM(buf) systemRoots = roots }
func loadSystemRoots() (*CertPool, error) { roots := NewCertPool() var data C.CFDataRef = nil err := C.FetchPEMRoots(&data) if err == -1 { // TODO: better error message return nil, errors.New("crypto/x509: failed to load darwin system roots with cgo") } defer C.CFRelease(C.CFTypeRef(data)) buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) roots.AppendCertsFromPEM(buf) return roots, nil }