crypto/x509: support RHEL 7 cert bundle

RHEL 7 introduces a new tool, update-ca-trust(8), which places the certificate bundle in a new location. Add this path to the list of locations that are searched for the certificate bundle. Fixes #15749 Change-Id: Idc97f885ee48ef085f1eb4dacbd1c2cf55f94ff5 Reviewed-on: https://go-review.googlesource.com/30375 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2024-09-15 22:20:06 +00:00 · 2016-10-05 18:04:54 -04:00 · 2016-10-05 18:04:54 -04:00 · ce645534e4
parent 936ae27b9c
commit ce645534e4
1 changed files with 5 additions and 4 deletions
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@ -6,8 +6,9 @@ package x509

 // Possible certificate files; stop after finding one.
 var certFiles = []string{
-	"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
-	"/etc/pki/tls/certs/ca-bundle.crt",   // Fedora/RHEL
-	"/etc/ssl/ca-bundle.pem",             // OpenSUSE
-	"/etc/pki/tls/cacert.pem",            // OpenELEC
+	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
+	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+	"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
+	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
+	"/etc/pki/tls/cacert.pem",                           // OpenELEC
 }