AdGuardHome/internal/aghtls/root_linux.go
Ainar Garipov a1acfbbae4 Pull request: 4925-refactor-tls-vol-1
Merge in DNS/adguard-home from 4925-refactor-tls-vol-1 to master

Squashed commit of the following:

commit ad87b2e93183b28f2e38666cc4267fa8dfd1cca0
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Oct 14 18:49:22 2022 +0300

    all: refactor tls, vol. 1

    Co-Authored-By: Rahul Somasundaram <Rahul.Somasundaram@checkpt.com>
2022-10-14 19:03:03 +03:00

57 lines
1.1 KiB
Go

//go:build linux
package aghtls
import (
"crypto/x509"
"os"
"path/filepath"
"github.com/AdguardTeam/golibs/errors"
"github.com/AdguardTeam/golibs/log"
)
func rootCAs() (roots *x509.CertPool) {
// Directories with the system root certificates, which aren't supported by
// Go's crypto/x509.
dirs := []string{
// Entware.
"/opt/etc/ssl/certs",
}
roots = x509.NewCertPool()
for _, dir := range dirs {
dirEnts, err := os.ReadDir(dir)
if err != nil {
if errors.Is(err, os.ErrNotExist) {
continue
}
// TODO(a.garipov): Improve error handling here and in other places.
log.Error("aghtls: opening directory %q: %s", dir, err)
}
var rootsAdded bool
for _, de := range dirEnts {
var certData []byte
rootFile := filepath.Join(dir, de.Name())
certData, err = os.ReadFile(rootFile)
if err != nil {
log.Error("aghtls: reading root cert: %s", err)
} else {
if roots.AppendCertsFromPEM(certData) {
rootsAdded = true
} else {
log.Error("aghtls: could not add root from %q", rootFile)
}
}
}
if rootsAdded {
return roots
}
}
return nil
}