diff options
| author | Ondřej Surý <ondrej@sury.org> | 2012-03-26 16:50:58 +0200 |
|---|---|---|
| committer | Ondřej Surý <ondrej@sury.org> | 2012-03-26 16:50:58 +0200 |
| commit | 519725bb3c075ee2462c929f5997cb068e18466a (patch) | |
| tree | 5b162e8488ad147a645048c073577821b4a2bee9 /src/pkg/crypto/tls/root_darwin.go | |
| parent | 842623c5dd2819d980ca9c58048d6bc6ed82475f (diff) | |
| download | golang-upstream-weekly/2012.03.22.tar.gz | |
Imported Upstream version 2012.03.22upstream-weekly/2012.03.22
Diffstat (limited to 'src/pkg/crypto/tls/root_darwin.go')
| -rw-r--r-- | src/pkg/crypto/tls/root_darwin.go | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/src/pkg/crypto/tls/root_darwin.go b/src/pkg/crypto/tls/root_darwin.go deleted file mode 100644 index 911a9a62e..000000000 --- a/src/pkg/crypto/tls/root_darwin.go +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package tls - -/* -#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060 -#cgo LDFLAGS: -framework CoreFoundation -framework Security - -#include <CoreFoundation/CoreFoundation.h> -#include <Security/Security.h> - -// FetchPEMRoots fetches the system's list of trusted X.509 root certificates. -// -// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root -// certificates of the system. On failure, the function returns -1. -// -// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after -// we've consumed its content. -int FetchPEMRoots(CFDataRef *pemRoots) { - if (pemRoots == NULL) { - return -1; - } - - CFArrayRef certs = NULL; - OSStatus err = SecTrustCopyAnchorCertificates(&certs); - if (err != noErr) { - return -1; - } - - CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0); - int i, ncerts = CFArrayGetCount(certs); - for (i = 0; i < ncerts; i++) { - CFDataRef data = NULL; - SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i); - if (cert == NULL) { - continue; - } - - // Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport. - // Once we support weak imports via cgo we should prefer that, and fall back to this - // for older systems. - err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); - if (err != noErr) { - continue; - } - - if (data != NULL) { - CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data)); - CFRelease(data); - } - } - - CFRelease(certs); - - *pemRoots = combinedData; - return 0; -} -*/ -import "C" -import ( - "crypto/x509" - "unsafe" -) - -func initDefaultRoots() { - roots := x509.NewCertPool() - - var data C.CFDataRef = nil - err := C.FetchPEMRoots(&data) - if err != -1 { - defer C.CFRelease(C.CFTypeRef(data)) - buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) - roots.AppendCertsFromPEM(buf) - } - - varDefaultRoots = roots -} |