Pull request: 4925-refactor-tls-vol-1

Merge in DNS/adguard-home from 4925-refactor-tls-vol-1 to master

Squashed commit of the following:

commit ad87b2e93183b28f2e38666cc4267fa8dfd1cca0
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Oct 14 18:49:22 2022 +0300

    all: refactor tls, vol. 1

    Co-Authored-By: Rahul Somasundaram <Rahul.Somasundaram@checkpt.com>

internal/home/tls.go

@@ -14,8 +14,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"path/filepath"
-	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -699,46 +697,3 @@ func (t *TLSMod) registerWebHandlers() {
 	httpRegister(http.MethodPost, "/control/tls/configure", t.handleTLSConfigure)
 	httpRegister(http.MethodPost, "/control/tls/validate", t.handleTLSValidate)
 }
-
-// LoadSystemRootCAs tries to load root certificates from the operating system.
-// It returns nil in case nothing is found so that that Go.crypto will use it's
-// default algorithm to find system root CA list.
-//
-// See https://github.com/AdguardTeam/AdGuardHome/internal/issues/1311.
-func LoadSystemRootCAs() (roots *x509.CertPool) {
-	// TODO(e.burkov): Use build tags instead.
-	if runtime.GOOS != "linux" {
-		return nil
-	}
-
-	// Directories with the system root certificates, which aren't supported
-	// by Go.crypto.
-	dirs := []string{
-		// Entware.
-		"/opt/etc/ssl/certs",
-	}
-	roots = x509.NewCertPool()
-	for _, dir := range dirs {
-		dirEnts, err := os.ReadDir(dir)
-		if errors.Is(err, os.ErrNotExist) {
-			continue
-		} else if err != nil {
-			log.Error("opening directory: %q: %s", dir, err)
-		}
-
-		var rootsAdded bool
-		for _, de := range dirEnts {
-			var certData []byte
-			certData, err = os.ReadFile(filepath.Join(dir, de.Name()))
-			if err == nil && roots.AppendCertsFromPEM(certData) {
-				rootsAdded = true
-			}
-		}
-
-		if rootsAdded {
-			return roots
-		}
-	}
-
-	return nil
-}