mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-12-16 11:52:58 +03:00
a1acfbbae4
Merge in DNS/adguard-home from 4925-refactor-tls-vol-1 to master Squashed commit of the following: commit ad87b2e93183b28f2e38666cc4267fa8dfd1cca0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Oct 14 18:49:22 2022 +0300 all: refactor tls, vol. 1 Co-Authored-By: Rahul Somasundaram <Rahul.Somasundaram@checkpt.com>
57 lines
1.1 KiB
Go
57 lines
1.1 KiB
Go
//go:build linux
|
|
|
|
package aghtls
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/AdguardTeam/golibs/errors"
|
|
"github.com/AdguardTeam/golibs/log"
|
|
)
|
|
|
|
func rootCAs() (roots *x509.CertPool) {
|
|
// Directories with the system root certificates, which aren't supported by
|
|
// Go's crypto/x509.
|
|
dirs := []string{
|
|
// Entware.
|
|
"/opt/etc/ssl/certs",
|
|
}
|
|
|
|
roots = x509.NewCertPool()
|
|
for _, dir := range dirs {
|
|
dirEnts, err := os.ReadDir(dir)
|
|
if err != nil {
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
continue
|
|
}
|
|
|
|
// TODO(a.garipov): Improve error handling here and in other places.
|
|
log.Error("aghtls: opening directory %q: %s", dir, err)
|
|
}
|
|
|
|
var rootsAdded bool
|
|
for _, de := range dirEnts {
|
|
var certData []byte
|
|
rootFile := filepath.Join(dir, de.Name())
|
|
certData, err = os.ReadFile(rootFile)
|
|
if err != nil {
|
|
log.Error("aghtls: reading root cert: %s", err)
|
|
} else {
|
|
if roots.AppendCertsFromPEM(certData) {
|
|
rootsAdded = true
|
|
} else {
|
|
log.Error("aghtls: could not add root from %q", rootFile)
|
|
}
|
|
}
|
|
}
|
|
|
|
if rootsAdded {
|
|
return roots
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|