[lxc-devel] [lxd/master] shared: Fix windows cert handling
stgraber on Github
lxc-bot at linuxcontainers.org
Sun Dec 9 22:26:05 UTC 2018
From ae3d7f83ccf7048f9ef5c9271c961c32d72636be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 9 Dec 2018 17:18:11 -0500
Subject: [PATCH] shared: Fix windows cert handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
shared/network.go | 2 +-
shared/network_unix.go | 11 +++++++++++
shared/network_windows.go | 19 +++++++++++++++++++
3 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 shared/network_unix.go
create mode 100644 shared/network_windows.go
diff --git a/shared/network.go b/shared/network.go
index d71dffb046..64d4bd8afb 100644
--- a/shared/network.go
+++ b/shared/network.go
@@ -68,7 +68,7 @@ func finalizeTLSConfig(tlsConfig *tls.Config, tlsRemoteCert *x509.Certificate) {
if tlsRemoteCert != nil {
caCertPool := tlsConfig.RootCAs
if caCertPool == nil {
- caCertPool, _ = x509.SystemCertPool()
+ caCertPool, _ = systemCertPool()
if caCertPool == nil {
caCertPool = x509.NewCertPool()
}
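Review bot: The error from `systemCertPool()` is still discarded with `_` in the `caCertPool == nil` branch, so a host whose root store cannot be read silently falls back to an empty pool from `x509.NewCertPool()`. That fallback looks deliberate, but it should be stated in a comment, for example `// Error ignored on purpose: fall back to an empty pool when the system roots are unavailable.` On Windows this call presumably now yields the system roots where the old call did not. If the remote certificate is added to this pool further down, connections that pass `tlsRemoteCert` would trust every system CA in addition to that certificate, and that widening of trust deserves a line in the commit message. `finalizeTLSConfig` starts and ends outside the hunk, so the last point is inferred rather than visible.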
diff --git a/shared/network_unix.go b/shared/network_unix.go
new file mode 100644
index 0000000000..3c9790a18a
--- /dev/null
+++ b/shared/network_unix.go
@@ -0,0 +1,11 @@
+// +build !windows
+
+package shared
+
+import (
+ "crypto/x509"
+)
+
+func systemCertPool() (*x509.CertPool, error) {
+ return x509.SystemCertPool()
+}
diff --git a/shared/network_windows.go b/shared/network_windows.go
new file mode 100644
index 0000000000..e883f86a40
--- /dev/null
+++ b/shared/network_windows.go
@@ -0,0 +1,19 @@
+// +build windows
+
+package shared
+
+import (
+ "crypto/x509"
+ "fmt"
+
+ "code.cloudfoundry.org/systemcerts"
+)
+
+func systemCertPool() (*x509.CertPool, error) {
+ pool := systemcerts.SystemRootsPool()
+ if pool == nil {
+ return nil, fmt.Errorf("Bad system root pool")
+ }
+
+ return pool.AsX509CertPool(), nil
+}
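Review bot: The Windows `systemCertPool` takes its trust anchors from the third-party package `code.cloudfoundry.org/systemcerts`, and nothing in this patch shows that dependency being pinned or vendored. Because it decides which roots TLS verification accepts, it should be locked to a reviewed revision. The error string should follow Go convention and needs no formatting: `return nil, errors.New("bad system root pool")`, with `"errors"` imported in place of `"fmt"`. Both this function and the `!windows` variant in shared/network_unix.go lack a doc comment; something like `// systemCertPool returns the operating system's root CA pool as an *x509.CertPool.` would document the shared contract.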