結果是 openssl/ctx.go:
// LoadVerifyLocations tells the context to trust all certificate authorities
// provided in either the ca_file or the ca_path. An empty string for either
// argument is handed to OpenSSL as a NULL pointer. Everything loaded here
// becomes a trust anchor for the context, so both paths should point at
// locations only trusted users can write to.
// See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html for
// more.
//
// It returns nil when SSL_CTX_load_verify_locations reports 1, and otherwise
// the error produced by errorFromErrorQueue.
func (c *Ctx) LoadVerifyLocations(ca_file string, ca_path string) error {
	// Pin the goroutine to its OS thread for the whole call; presumably
	// errorFromErrorQueue reads OpenSSL's per-thread error queue, so the C
	// call and the queue read must happen on the same thread.
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	// Both pointers stay nil (NULL) unless the matching argument is non-empty.
	var filePtr, dirPtr *C.char
	if ca_file != "" {
		filePtr = C.CString(ca_file)
		// C.CString allocates with malloc; release it when we return.
		defer C.free(unsafe.Pointer(filePtr))
	}
	if ca_path != "" {
		dirPtr = C.CString(ca_path)
		defer C.free(unsafe.Pointer(dirPtr))
	}

	rc := C.SSL_CTX_load_verify_locations(c.ctx, filePtr, dirPtr)
	// Keep c reachable until the C call has finished using c.ctx.
	runtime.KeepAlive(c)
	if rc != 1 {
		return errorFromErrorQueue()
	}
	return nil
}
caller 是:
// loadServerTrust configures the trust anchors of ctx: the OpenSSL default
// verify paths first, then the certificate file named by conf.ServerCert.
//
// It returns ctx in every case. The error is non-nil when the default
// certificate directory cannot be determined, when the default verify paths
// cannot be set, or when loading conf.ServerCert fails. A failure to count the
// system certificates is only logged.
//
// NOTE(review): a failed load of conf.ServerCert is logged (as a warning when
// the file is missing) and the error is still returned; whether the connection
// proceeds on system certificates alone is decided by the caller, which is not
// visible here.
func loadServerTrust(ctx *openssl.Ctx, conf *Config) (*openssl.Ctx, error) {
	certDir, err := openssl.GetDefaultCertificateDirectory()
	if err != nil {
		return ctx, errors.Wrap(err, "Failed to get the default OpenSSL certificate directory. Please verify the OpenSSL setup")
	}

	// The count is used only for the diagnostic at the end, so a listing
	// failure is not fatal.
	sysCertsFound, listErr := nrOfSystemCertsFound(certDir)
	if listErr != nil {
		log.Warnf("Failed to list the system certificates with error: %s", listErr.Error())
	}

	// Set the default system certificate path for this OpenSSL context
	if pathErr := ctx.SetDefaultVerifyPaths(); pathErr != nil {
		return ctx, fmt.Errorf("Failed to set the default OpenSSL directory. OpenSSL error code: %s", pathErr.Error())
	}

	// Load the server certificate into the OpenSSL context
	loadErr := ctx.LoadVerifyLocations(conf.ServerCert, "")
	if loadErr == nil {
		return ctx, nil
	}

	// NOTE(review): the missing-file case is recognised by matching the error
	// text, which depends on the exact message the OpenSSL error queue yields.
	reason := loadErr.Error()
	if strings.Contains(reason, "No such file or directory") {
		log.Warnf(errMissingServerCertF, conf.ServerCert)
	} else {
		log.Errorf("Failed to Load the Server certificate. Err %s", reason)
	}

	// If no system certificates, nor a server certificate is found,
	// warn the user, as this is a pretty common error.
	if sysCertsFound == 0 {
		log.Error(errMissingCerts)
	}
	return ctx, loadErr
}