Commit 2c8b70ea authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

crypto/x509: revert SystemCertPool implementation for Windows

Updates #18609

Change-Id: I8306135660f52cf625bed4c7f53f632e527617de
Reviewed-on: https://go-review.googlesource.com/35265
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarRuss Cox <rsc@golang.org>
Reviewed-by: default avatarQuentin Smith <quentin@golang.org>
parent fcfd9185
...@@ -809,11 +809,6 @@ Optimizations and minor bug fixes are not listed. ...@@ -809,11 +809,6 @@ Optimizations and minor bug fixes are not listed.
<dl id="crypto_x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt> <dl id="crypto_x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
<dd> <dd>
<p> <!-- CL 30578 -->
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
is now implemented on Windows.
</p>
<p> <!-- CL 24743 --> <p> <!-- CL 24743 -->
PSS signatures are now supported. PSS signatures are now supported.
</p> </p>
...@@ -4,7 +4,11 @@ ...@@ -4,7 +4,11 @@
package x509 package x509
import "encoding/pem" import (
"encoding/pem"
"errors"
"runtime"
)
// CertPool is a set of certificates. // CertPool is a set of certificates.
type CertPool struct { type CertPool struct {
...@@ -26,6 +30,11 @@ func NewCertPool() *CertPool { ...@@ -26,6 +30,11 @@ func NewCertPool() *CertPool {
// Any mutations to the returned pool are not written to disk and do // Any mutations to the returned pool are not written to disk and do
// not affect any other pool. // not affect any other pool.
func SystemCertPool() (*CertPool, error) { func SystemCertPool() (*CertPool, error) {
if runtime.GOOS == "windows" {
// Issue 16736, 18609:
return nil, errors.New("crypto/x509: system root pool is not available on Windows")
}
return loadSystemRoots() return loadSystemRoots()
} }
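Review bot: The new comment `// Issue 16736, 18609:` in SystemCertPool ends in a colon with nothing after it, so a reader must open two issues to learn why the pool is unavailable; suggest `// Issue 16736, 18609: the Windows root-store implementation was reverted; the Windows loadSystemRoots returns (nil, nil).` Returning an explicit error here is the right call, because the Windows loadSystemRoots changed in this same commit returns a nil pool with a nil error, and a caller that only checks err would otherwise proceed with a nil *CertPool. The same `runtime.GOOS == "windows"` condition is repeated in TestSystemCertPool; keeping the dispatch in the Windows-specific file would presumably avoid both runtime checks, though for a temporary revert that is a matter of taste.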
...@@ -226,6 +226,11 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate ...@@ -226,6 +226,11 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
} }
func loadSystemRoots() (*CertPool, error) { func loadSystemRoots() (*CertPool, error) {
// TODO: restore this functionality on Windows. We tried to do
// it in Go 1.8 but had to revert it. See Issue 18609.
// Returning (nil, nil) was the old behavior, prior to CL 30578.
return nil, nil
const CRYPT_E_NOT_FOUND = 0x80092004 const CRYPT_E_NOT_FOUND = 0x80092004
store, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT")) store, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT"))
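Review bot: The unconditional `return nil, nil` at the top of loadSystemRoots leaves everything from `const CRYPT_E_NOT_FOUND` through the `CertOpenSystemStore` call, and the rest of the body that continues past this hunk, unreachable; go vet's unreachable analyzer reports this, and the dead code still compiles and gets reviewed as if it were live. If the intent is to keep the implementation for a later restore, a constructed alternative such as `const windowsRootsEnabled = false` at package level with `if !windowsRootsEnabled { return nil, nil }` documents the switch, keeps the body type-checked, and avoids the vet report. The (nil, nil) result also means any caller of loadSystemRoots other than SystemCertPool must treat a nil pool with a nil error as "no system roots"; that contract belongs in the comment, e.g. `// Callers must handle a nil pool with a nil error.`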
...@@ -24,6 +24,7 @@ import ( ...@@ -24,6 +24,7 @@ import (
"net" "net"
"os/exec" "os/exec"
"reflect" "reflect"
"runtime"
"strings" "strings"
"testing" "testing"
"time" "time"
...@@ -1477,6 +1478,9 @@ func TestMultipleRDN(t *testing.T) { ...@@ -1477,6 +1478,9 @@ func TestMultipleRDN(t *testing.T) {
} }
func TestSystemCertPool(t *testing.T) { func TestSystemCertPool(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("not implemented on Windows; Issue 16736, 18609")
}
_, err := SystemCertPool() _, err := SystemCertPool()
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
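Review bot: The added `t.Skip` in TestSystemCertPool leaves the new Windows error path of SystemCertPool without any test coverage, even though this commit is what introduces that path; rather than skipping, the Windows branch could assert that SystemCertPool returns a non-nil error and then return, which pins the behaviour the skip message describes. The rest of TestSystemCertPool continues past this hunk and is unaffected.
```go
func TestSystemCertPool(t *testing.T) {
	if runtime.GOOS == "windows" {
		if _, err := SystemCertPool(); err == nil {
			t.Fatal("SystemCertPool() on Windows: got nil error, want error")
		}
		return
	}
	// … unchanged: non-Windows SystemCertPool call and error check …
```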