[lxc-devel] [lxd/master] shared: Fix Windows build

stgraber on Github lxc-bot at linuxcontainers.org
Sun Apr 14 21:43:29 UTC 2019


From 3943365ccd27c96ad44f47908752d1ee7a2f0916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 14 Apr 2019 17:43:09 -0400
Subject: [PATCH] shared: Fix Windows build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/network_windows.go | 50 +++++++++++++++++++++++++++++++++++----
 1 file changed, 46 insertions(+), 4 deletions(-)

diff --git a/shared/network_windows.go b/shared/network_windows.go
index e883f86a40..2a8319b871 100644
--- a/shared/network_windows.go
+++ b/shared/network_windows.go
@@ -5,15 +5,57 @@ package shared
 import (
 	"crypto/x509"
 	"fmt"
+	"sync"
+	"syscall"
+	"unsafe"
 
-	"code.cloudfoundry.org/systemcerts"
+	"golang.org/x/sys/windows"
 )
 
+var once sync.Once
+var systemRoots *x509.CertPool
+
 func systemCertPool() (*x509.CertPool, error) {
-	pool := systemcerts.SystemRootsPool()
-	if pool == nil {
+	once.Do(initSystemRoots)
+	if systemRoots == nil {
 		return nil, fmt.Errorf("Bad system root pool")
 	}
+	return systemRoots, nil
+}
+
+func initSystemRoots() {
+	const CRYPT_E_NOT_FOUND = 0x80092004
+
+	store, err := windows.CertOpenSystemStore(0, windows.StringToUTF16Ptr("ROOT"))
+	if err != nil {
+		systemRoots = nil
+		return
+	}
+	defer windows.CertCloseStore(store, 0)
 
-	return pool.AsX509CertPool(), nil
+	roots := x509.NewCertPool()
+	var cert *windows.CertContext
+	for {
+		cert, err = windows.CertEnumCertificatesInStore(store, cert)
+		if err != nil {
+			if errno, ok := err.(syscall.Errno); ok {
+				if errno == CRYPT_E_NOT_FOUND {
+					break
+				}
+			}
+			systemRoots = nil
+			return
+		}
+		if cert == nil {
+			break
+		}
+		// Copy the buf, since ParseCertificate does not create its own copy.
+		buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
+		buf2 := make([]byte, cert.Length)
+		copy(buf2, buf)
+		if c, err := x509.ParseCertificate(buf2); err == nil {
+			roots.AddCert(c)
+		}
+	}
+	systemRoots = roots
 }
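Review bot: `systemCertPool` now returns the same cached `*x509.CertPool` to every caller, so a caller that calls `AddCert` on the result (for example to pin one server's certificate) would add that certificate to the trust roots seen by every later caller in the process. Whether any caller mutates the pool is not visible in this hunk, so confirm that before merging. A safer shape is to cache the parsed certificates and build a fresh pool on each call, as sketched below. Separately, `once.Do` makes any `CertOpenSystemStore` or enumeration failure permanent for the life of the process, and the underlying `err` is discarded in favour of the generic "Bad system root pool", so returning or logging the real error would make a broken trust store diagnosable.

```go
var once sync.Once
var systemRootCerts []*x509.Certificate

func systemCertPool() (*x509.CertPool, error) {
	once.Do(initSystemRoots)
	if systemRootCerts == nil {
		return nil, fmt.Errorf("Bad system root pool")
	}

	// Fresh pool per call: a caller's AddCert must not change what other callers trust.
	pool := x509.NewCertPool()
	for _, c := range systemRootCerts {
		pool.AddCert(c)
	}
	return pool, nil
}

// … unchanged: initSystemRoots store open, enumeration loop and buffer copy …
// In initSystemRoots, collect into a non-nil slice instead of a pool:
//   certs := []*x509.Certificate{}   (replaces roots := x509.NewCertPool())
//   certs = append(certs, c)         (replaces roots.AddCert(c))
//   systemRootCerts = certs          (replaces systemRoots = roots; error paths leave it nil)
```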

