1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // +build freebsd linux openbsd netbsd
11 // Possible certificate files; stop after finding one.
12 var certFiles = []string{
13 "/etc/ssl/certs/ca-certificates.crt", // Linux etc
14 "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
15 "/etc/ssl/ca-bundle.pem", // OpenSUSE
16 "/etc/ssl/cert.pem", // OpenBSD
17 "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD
20 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
24 func initSystemRoots() {
25 roots := NewCertPool()
26 for _, file := range certFiles {
27 data, err := ioutil.ReadFile(file)
29 roots.AppendCertsFromPEM(data)