[lxc-devel] [lxd/master] shared: Fix windows cert handling

stgraber on Github lxc-bot at linuxcontainers.org
Sun Dec 9 22:26:05 UTC 2018


From ae3d7f83ccf7048f9ef5c9271c961c32d72636be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 9 Dec 2018 17:18:11 -0500
Subject: [PATCH] shared: Fix windows cert handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/network.go         |  2 +-
 shared/network_unix.go    | 11 +++++++++++
 shared/network_windows.go | 19 +++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 shared/network_unix.go
 create mode 100644 shared/network_windows.go

diff --git a/shared/network.go b/shared/network.go
index d71dffb046..64d4bd8afb 100644
--- a/shared/network.go
+++ b/shared/network.go
@@ -68,7 +68,7 @@ func finalizeTLSConfig(tlsConfig *tls.Config, tlsRemoteCert *x509.Certificate) {
 	if tlsRemoteCert != nil {
 		caCertPool := tlsConfig.RootCAs
 		if caCertPool == nil {
-			caCertPool, _ = x509.SystemCertPool()
+			caCertPool, _ = systemCertPool()
 			if caCertPool == nil {
 				caCertPool = x509.NewCertPool()
 			}
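Review bot: The error from `systemCertPool()` is still discarded with `_` on the changed line, so a failure to load the Windows root store (the new `Bad system root pool` path in network_windows.go) cannot be told apart from a host that simply has no system roots: both fall through to `x509.NewCertPool()`. In the visible lines that fallback narrows trust rather than widening it, but the rest of finalizeTLSConfig lies outside the hunk, so the intent should be stated where the error is dropped, e.g. `// Error ignored on purpose: without system roots we continue with an empty pool.` If a logger is reachable from this package, emitting the error at debug level would make a broken trust-store load diagnosable.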
diff --git a/shared/network_unix.go b/shared/network_unix.go
new file mode 100644
index 0000000000..3c9790a18a
--- /dev/null
+++ b/shared/network_unix.go
@@ -0,0 +1,11 @@
+// +build !windows
+
+package shared
+
+import (
+	"crypto/x509"
+)
+
+func systemCertPool() (*x509.CertPool, error) {
+	return x509.SystemCertPool()
+}
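Review bot: Neither `systemCertPool` variant carries a doc comment, here or in network_windows.go, so nothing tells a reader why the root pool goes through a per-OS indirection instead of calling `x509.SystemCertPool()` directly. I would add `// systemCertPool returns the host's trusted root CAs; the Windows build obtains them through a different loader, see network_windows.go.` above this function and a matching comment on the Windows variant.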
diff --git a/shared/network_windows.go b/shared/network_windows.go
new file mode 100644
index 0000000000..e883f86a40
--- /dev/null
+++ b/shared/network_windows.go
@@ -0,0 +1,19 @@
+// +build windows
+
+package shared
+
+import (
+	"crypto/x509"
+	"fmt"
+
+	"code.cloudfoundry.org/systemcerts"
+)
+
+func systemCertPool() (*x509.CertPool, error) {
+	pool := systemcerts.SystemRootsPool()
+	if pool == nil {
+		return nil, fmt.Errorf("Bad system root pool")
+	}
+
+	return pool.AsX509CertPool(), nil
+}
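Review bot: `fmt.Errorf("Bad system root pool")` is capitalised and does not say which operation failed; Go error strings are conventionally lowercase and name the step, e.g. `return nil, fmt.Errorf("loading Windows system root pool: no roots returned")`. This file also makes the third-party `code.cloudfoundry.org/systemcerts` package the source of TLS trust anchors on Windows, and the patch shows no pinning or vendoring change for it, so it is worth confirming the import resolves to a reviewed, pinned revision. Whether `AsX509CertPool()` can itself return nil is not visible here; the caller in network.go tolerates a nil pool, which presumably covers that case.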

