• Steven Hartland's avatar
    crypto/x509: load certs from env vars + extra locations · e83bcd95
    Steven Hartland authored
    Add the ability to override the default file and directory from
    which certificates are loaded by setting the OpenSSL compatible
    environment variables: SSL_CERT_FILE, SSL_CERT_DIR.
    
    If the variables are set the default locations are not checked.
    
    Added new default file "/usr/local/etc/ssl/cert.pem" for FreeBSD.
    
    Certificates in the first valid location found for both file and
    directory are added, instead of only the first file location if
    a valid one was found, which is consistent with OpenSSL.
    
    Fixes #3905
    Fixes #14022
    Fixes #14311
    Fixes #16920
    Fixes #18813 - If user sets SSL_CERT_FILE.
    
    Change-Id: Ia24fb7c1c2ffff4338b4cf214bd040326ce27bb0
    Reviewed-on: https://go-review.googlesource.com/36093Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
    Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    e83bcd95
x509.go 68.7 KB