File: network_windows.go

//go:build windows

package tls

import (
	"crypto/x509"
	"fmt"
	"sync"
	"unsafe"

	"golang.org/x/sys/windows"
)

// once ensures initSystemRoots runs at most one time per process, no matter
// how many goroutines call systemCertPool.
var once sync.Once

// systemRoots caches the pool built by initSystemRoots. It stays nil until
// that function has run, and remains nil if loading the store failed.
var systemRoots *x509.CertPool

// systemCertPool returns the certificate pool loaded from the Windows system
// root store, loading it on first use.
//
// The load is attempted exactly once (guarded by once): if it failed, every
// later call returns the same error without retrying.
//
// The returned pointer is the shared package-level pool, not a copy. A caller
// that adds certificates to it changes the trust anchors seen by every other
// caller in the process.
func systemCertPool() (*x509.CertPool, error) {
	once.Do(initSystemRoots)

	if pool := systemRoots; pool != nil {
		return pool, nil
	}

	return nil, fmt.Errorf("Bad system root pool")
}

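// initSystemRoots populates systemRoots from the Windows "ROOT" system
// certificate store. It is meant to be run through once.Do.
//
// On success systemRoots holds every certificate from the store that
// x509.ParseCertificate accepted. If the store cannot be opened, or
// enumeration fails with anything other than CRYPT_E_NOT_FOUND, systemRoots
// is left nil and any partially built pool is discarded, so callers fail
// closed instead of trusting an incomplete set.
//
// NOTE(review): every certificate that parses becomes a trust anchor; no
// per-certificate trust properties are consulted here, and entries that fail
// to parse are dropped without any log. Confirm both are acceptable for the
// callers of systemCertPool.
func initSystemRoots() {
	// HRESULT returned by CertEnumCertificatesInStore once the enumeration
	// is exhausted; treated below as the normal end of the loop.
	const CRYPT_E_NOT_FOUND = 0x80092004

	store, err := windows.CertOpenSystemStore(0, windows.StringToUTF16Ptr("ROOT"))
	if err != nil {
		systemRoots = nil
		return
	}

	// Best-effort close: the store was opened read-only for enumeration, so
	// a close error is deliberately ignored.
	defer windows.CertCloseStore(store, 0)

	roots := x509.NewCertPool()
	var cert *windows.CertContext
	for {
		// Passing the previous context back in advances the enumeration.
		cert, err = windows.CertEnumCertificatesInStore(store, cert)
		if err != nil {
			if errno, ok := err.(windows.Errno); ok && errno == CRYPT_E_NOT_FOUND {
				break
			}

			// Unexpected failure: do not publish a partial pool.
			systemRoots = nil
			return
		}

		if cert == nil {
			break
		}

		// A context without encoded bytes cannot be parsed; skip it rather
		// than build a slice over a nil pointer.
		if cert.EncodedCert == nil || cert.Length == 0 {
			continue
		}

		// Bound the view of the store-owned buffer by the length the API
		// reports instead of casting to a fixed 1 MiB array, which claimed
		// memory beyond the buffer and silently truncated larger entries.
		// The bytes are copied because ParseCertificate does not create its
		// own copy and the buffer belongs to the certificate context.
		der := append([]byte(nil), unsafe.Slice(cert.EncodedCert, cert.Length)...)

		// Unparseable entries are skipped so one bad certificate does not
		// make the whole pool unavailable.
		if c, perr := x509.ParseCertificate(der); perr == nil {
			roots.AddCert(c)
		}
	}

	systemRoots = roots
}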