crypto/x509: avoid Android root store paths on other Linuxes

Updates #58922 Change-Id: I0eb2c97babb05b2d9bc36ed8af03579094bc02ac Reviewed-on: https://go-review.googlesource.com/c/go/+/531878 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Ingo Oeser <nightlyone@googlemail.com>
2025-05-30 19:52:53 +00:00 · 2023-10-04 13:53:31 +02:00 · 2023-10-04 13:53:31 +02:00 · b01cb72eb7
commit b01cb72eb7
parent cbcf8efa5f
1 changed files with 13 additions and 4 deletions
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@ -4,6 +4,8 @@

 package x509

+import "internal/goos"
+
 // Possible certificate files; stop after finding one.
 var certFiles = []string{
 	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
@ -16,8 +18,15 @@ var certFiles = []string{

 // Possible directories with certificate files; all will be read.
 var certDirectories = []string{
-	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
-	"/etc/pki/tls/certs",           // Fedora/RHEL
-	"/system/etc/security/cacerts", // Android
-	"/data/misc/keychain/certs-added", // Android user trusted CA folder
+	"/etc/ssl/certs",     // SLES10/SLES11, https://golang.org/issue/12139
+	"/etc/pki/tls/certs", // Fedora/RHEL
+}
+
+func init() {
+	if goos.IsAndroid == 1 {
+		certDirectories = append(certDirectories,
+			"/system/etc/security/cacerts",    // Android system roots
+			"/data/misc/keychain/certs-added", // User trusted CA folder
+		)
+	}
 }