[lxc-devel] [lxd/master] shared: Fix Windows build
stgraber on Github
lxc-bot at linuxcontainers.org
Sun Apr 14 21:43:29 UTC 2019
From 3943365ccd27c96ad44f47908752d1ee7a2f0916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 14 Apr 2019 17:43:09 -0400
Subject: [PATCH] shared: Fix Windows build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
shared/network_windows.go | 50 +++++++++++++++++++++++++++++++++++----
1 file changed, 46 insertions(+), 4 deletions(-)
diff --git a/shared/network_windows.go b/shared/network_windows.go
index e883f86a40..2a8319b871 100644
--- a/shared/network_windows.go
+++ b/shared/network_windows.go
@@ -5,15 +5,57 @@ package shared
import (
"crypto/x509"
"fmt"
+ "sync"
+ "syscall"
+ "unsafe"
- "code.cloudfoundry.org/systemcerts"
+ "golang.org/x/sys/windows"
)
+var once sync.Once
+var systemRoots *x509.CertPool
+
func systemCertPool() (*x509.CertPool, error) {
- pool := systemcerts.SystemRootsPool()
- if pool == nil {
+ once.Do(initSystemRoots)
+ if systemRoots == nil {
return nil, fmt.Errorf("Bad system root pool")
}
+ return systemRoots, nil
+}
+
+func initSystemRoots() {
+ const CRYPT_E_NOT_FOUND = 0x80092004
+
+ store, err := windows.CertOpenSystemStore(0, windows.StringToUTF16Ptr("ROOT"))
+ if err != nil {
+ systemRoots = nil
+ return
+ }
+ defer windows.CertCloseStore(store, 0)
- return pool.AsX509CertPool(), nil
+ roots := x509.NewCertPool()
+ var cert *windows.CertContext
+ for {
+ cert, err = windows.CertEnumCertificatesInStore(store, cert)
+ if err != nil {
+ if errno, ok := err.(syscall.Errno); ok {
+ if errno == CRYPT_E_NOT_FOUND {
+ break
+ }
+ }
+ systemRoots = nil
+ return
+ }
+ if cert == nil {
+ break
+ }
+ // Copy the buf, since ParseCertificate does not create its own copy.
+ buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
+ buf2 := make([]byte, cert.Length)
+ copy(buf2, buf)
+ if c, err := x509.ParseCertificate(buf2); err == nil {
+ roots.AddCert(c)
+ }
+ }
+ systemRoots = roots
}
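Review bot: systemCertPool now returns the package-level `systemRoots` pointer itself, so every caller shares one mutable `*x509.CertPool`. If any caller calls AddCert on the result (callers are outside this hunk, so confirm), that certificate becomes a trust root for every later TLS config in the process. Caching the parsed certificates and building a fresh pool per call keeps the sync.Once saving without sharing trust state. Separately, both failure paths in initSystemRoots discard `err`, and the Once pins the failure for the process lifetime, so callers only ever see "Bad system root pool". Storing the error alongside the cached certificates lets systemCertPool report the cause.

```go
var once sync.Once
var systemRootCerts []*x509.Certificate
var systemRootsErr error

func systemCertPool() (*x509.CertPool, error) {
	once.Do(initSystemRoots)
	if systemRootsErr != nil {
		return nil, fmt.Errorf("Bad system root pool: %v", systemRootsErr)
	}

	// Fresh pool per call: a caller's AddCert must not widen trust for others.
	pool := x509.NewCertPool()
	for _, c := range systemRootCerts {
		pool.AddCert(c)
	}
	return pool, nil
}

func initSystemRoots() {
	// … unchanged: CRYPT_E_NOT_FOUND const …
	store, err := windows.CertOpenSystemStore(0, windows.StringToUTF16Ptr("ROOT"))
	if err != nil {
		systemRootsErr = err
		return
	}
	// … unchanged: deferred CertCloseStore, enumeration loop, DER copy …
	// On an enumeration error other than CRYPT_E_NOT_FOUND:
	//     systemRootCerts = nil
	//     systemRootsErr = err
	//     return
		if c, err := x509.ParseCertificate(buf2); err == nil {
			systemRootCerts = append(systemRootCerts, c)
		}
	// … unchanged: end of loop …
}
```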