AdGuardHome/internal/aghtls/root_linux.go

//go:build linux

package aghtls

import (
	"crypto/x509"
	"os"
	"path/filepath"

	"github.com/AdguardTeam/golibs/errors"
	"github.com/AdguardTeam/golibs/log"
)

func rootCAs() (roots *x509.CertPool) {
	// Directories with the system root certificates, which aren't supported by
	// Go's crypto/x509.
	dirs := []string{
		// Entware.
		"/opt/etc/ssl/certs",
	}

	roots = x509.NewCertPool()
	for _, dir := range dirs {
		dirEnts, err := os.ReadDir(dir)
		if err != nil {
			if errors.Is(err, os.ErrNotExist) {
				continue
			}

			// TODO(a.garipov): Improve error handling here and in other places.
			log.Error("aghtls: opening directory %q: %s", dir, err)
		}

		var rootsAdded bool
		for _, de := range dirEnts {
			var certData []byte
			rootFile := filepath.Join(dir, de.Name())
			certData, err = os.ReadFile(rootFile)
			if err != nil {
				log.Error("aghtls: reading root cert: %s", err)
			} else {
				if roots.AppendCertsFromPEM(certData) {
					rootsAdded = true
				} else {
					log.Error("aghtls: could not add root from %q", rootFile)
				}
			}
		}

		if rootsAdded {
			return roots
		}
	}

	return nil
}
Pull request: 4925-refactor-tls-vol-1 Merge in DNS/adguard-home from 4925-refactor-tls-vol-1 to master Squashed commit of the following: commit ad87b2e93183b28f2e38666cc4267fa8dfd1cca0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Oct 14 18:49:22 2022 +0300 all: refactor tls, vol. 1 Co-Authored-By: Rahul Somasundaram <Rahul.Somasundaram@checkpt.com> 2022-10-14 19:03:03 +03:00			`//go:build linux`

			`package aghtls`

			`import (`
			`"crypto/x509"`
			`"os"`
			`"path/filepath"`

			`"github.com/AdguardTeam/golibs/errors"`
			`"github.com/AdguardTeam/golibs/log"`
			`)`

			`func rootCAs() (roots *x509.CertPool) {`
			`// Directories with the system root certificates, which aren't supported by`
			`// Go's crypto/x509.`
			`dirs := []string{`
			`// Entware.`
			`"/opt/etc/ssl/certs",`
			`}`

			`roots = x509.NewCertPool()`
			`for _, dir := range dirs {`
			`dirEnts, err := os.ReadDir(dir)`
			`if err != nil {`
			`if errors.Is(err, os.ErrNotExist) {`
			`continue`
			`}`

			`// TODO(a.garipov): Improve error handling here and in other places.`
			`log.Error("aghtls: opening directory %q: %s", dir, err)`
			`}`

			`var rootsAdded bool`
			`for _, de := range dirEnts {`
			`var certData []byte`
			`rootFile := filepath.Join(dir, de.Name())`
			`certData, err = os.ReadFile(rootFile)`
			`if err != nil {`
			`log.Error("aghtls: reading root cert: %s", err)`
			`} else {`
			`if roots.AppendCertsFromPEM(certData) {`
			`rootsAdded = true`
			`} else {`
			`log.Error("aghtls: could not add root from %q", rootFile)`
			`}`
			`}`
			`}`

			`if rootsAdded {`
			`return roots`
			`}`
			`}`

			`return nil`
			`}`