oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix: load certs on windows from registry (#11016)

Browse Source 
fixes #11007
master
Harshavardhana 4 years ago committed by GitHub
parent 303be1866d
commit ce0e17b62b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 88 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      pkg/certs/ca-certs.go
  2. 25
      pkg/certs/cert_pool_nix.go
  3. 60
      pkg/certs/cert_pool_windows.go

6
pkg/certs/ca-certs.go
Unescape View File

@ -26,10 +26,10 @@ import (
// GetRootCAs - returns all the root CAs into certPool // GetRootCAs - returns all the root CAs into certPool
// at the input certsCADir // at the input certsCADir
func GetRootCAs(certsCAsDir string) (*x509.CertPool, error) { func GetRootCAs(certsCAsDir string) (*x509.CertPool, error) {
rootCAs, _ := x509.SystemCertPool() rootCAs, _ := loadSystemRoots()
if rootCAs == nil { if rootCAs == nil {
// In some systems (like Windows) system cert pool is // In some systems system cert pool is not supported
// not supported or no certificates are present on the // or no certificates are present on the
// system - so we create a new cert pool. // system - so we create a new cert pool.
rootCAs = x509.NewCertPool() rootCAs = x509.NewCertPool()
} }

25
pkg/certs/cert_pool_nix.go
Unescape View File

@ -0,0 +1,25 @@
// +build !windows
/*
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package certs
import "crypto/x509"
func loadSystemRoots() (*x509.CertPool, error) {
return x509.SystemCertPool()
}

60
pkg/certs/cert_pool_windows.go
Unescape View File

@ -0,0 +1,60 @@
// +build windows
/*
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package certs
import (
"crypto/x509"
"syscall"
"unsafe"
)
func loadSystemRoots() (*x509.CertPool, error) {
const CRYPTENOTFOUND = 0x80092004
store, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT"))
if err != nil {
return nil, err
}
defer syscall.CertCloseStore(store, 0)
roots := x509.NewCertPool()
var cert *syscall.CertContext
for {
cert, err = syscall.CertEnumCertificatesInStore(store, cert)
if err != nil {
if errno, ok := err.(syscall.Errno); ok {
if errno == CRYPTENOTFOUND {
break
}
}
return nil, err
}
if cert == nil {
break
}
// Copy the buf, since ParseCertificate does not create its own copy.
buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
buf2 := make([]byte, cert.Length)
copy(buf2, buf)
if c, err := x509.ParseCertificate(buf2); err == nil {
roots.AddCert(c)
}
}
return roots, nil
}
Write Preview
Loading…
Cancel
Save