Search in more locations for the system's root certificates.
TEST=access pub under wolfi
Bug: https://github.com/dart-lang/sdk/issues/56734
Change-Id: Ie2033d3551966180dfdf3eff1b5ef39ac0b79ce7
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/388080
Reviewed-by: Brian Quinlan <bquinlan@google.com>
Commit-Queue: Ryan Macnak <rmacnak@google.com>
diff --git a/runtime/bin/security_context_linux.cc b/runtime/bin/security_context_linux.cc
index dc89845..57fde54 100644
--- a/runtime/bin/security_context_linux.cc
+++ b/runtime/bin/security_context_linux.cc
@@ -62,16 +62,33 @@
// discussion of the complexities of this endeavor can be found here:
//
// https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
- const char* bundle = "/etc/pki/tls/certs/ca-bundle.crt";
- const char* cachedir = "/etc/ssl/certs";
- if (File::Exists(nullptr, bundle)) {
- LoadRootCertFile(bundle);
- return;
+ //
+ // This set of locations was copied from gRPC.
+ const char* kCertFiles[] = {
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/etc/pki/tls/certs/ca-bundle.crt",
+ "/etc/ssl/ca-bundle.pem",
+ "/etc/pki/tls/cacert.pem",
+ "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
+ };
+ const char* kCertDirectories[] = {
+ "/etc/ssl/certs", "/system/etc/security/cacerts",
+ "/usr/local/share/certs", "/etc/pki/tls/certs",
+ "/etc/openssl/certs",
+ };
+ for (size_t i = 0; i < ARRAY_SIZE(kCertFiles); i++) {
+ const char* bundle = kCertFiles[i];
+ if (File::Exists(nullptr, bundle)) {
+ LoadRootCertFile(bundle);
+ return;
+ }
}
-
- if (Directory::Exists(nullptr, cachedir) == Directory::EXISTS) {
- LoadRootCertCache(cachedir);
- return;
+ for (size_t i = 0; i < ARRAY_SIZE(kCertDirectories); i++) {
+ const char* cachedir = kCertDirectories[i];
+ if (Directory::Exists(nullptr, cachedir) == Directory::EXISTS) {
+ LoadRootCertCache(cachedir);
+ return;
+ }
}
#endif
}
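Review bot: Each loop returns as soon as a path exists, so a bundle that is present but empty, truncated or unreadable at an earlier entry of `kCertFiles` shadows a valid store further down; the same applies to `kCertDirectories`. Whether `LoadRootCertFile` and `LoadRootCertCache` report failure is not visible in this hunk, but if they do, the `return` should depend on a successful load so the search continues. Because the order now decides which trust store the process uses, I would add a comment such as `// Order matters: the first existing path becomes the trust store; later entries are never consulted.` and declare the tables as `static const char* const kCertFiles[]`. The enclosing function starts outside the hunk.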
diff --git a/runtime/platform/globals.h b/runtime/platform/globals.h
index 34bda32..124b85b 100644
--- a/runtime/platform/globals.h
+++ b/runtime/platform/globals.h
@@ -575,6 +575,14 @@
return static_cast<double>(micros) / kMicrosecondsPerMillisecond;
}
+// The expression ARRAY_SIZE(array) is a compile-time constant of type
+// size_t which represents the number of elements of the given
+// array. You should only use ARRAY_SIZE on statically allocated
+// arrays.
+#define ARRAY_SIZE(array) \
+ ((sizeof(array) / sizeof(*(array))) / \
+ static_cast<intptr_t>(!(sizeof(array) % sizeof(*(array))))) // NOLINT
+
// A macro to disallow the copy constructor and operator= functions.
// This should be used in the private: declarations for a class.
#if !defined(DISALLOW_COPY_AND_ASSIGN)
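Review bot: `ARRAY_SIZE` still compiles when handed a pointer whose size is a multiple of the pointee size (a `const char**` argument yields 1), and moving it into `runtime/platform/globals.h` exposes it to more callers, such as the new loops in `security_context_linux.cc`. The modulo guard only rejects sizes that do not divide evenly. A type-checked form such as `template <typename T, size_t N> constexpr size_t ArraySize(T (&)[N]) { return N; }` rejects pointers at compile time. Failing that, the comment should state the limitation: `// NOTE: a pointer argument may compile and give a wrong count.`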
diff --git a/runtime/vm/globals.h b/runtime/vm/globals.h
index 7cf67f4..116c994 100644
--- a/runtime/vm/globals.h
+++ b/runtime/vm/globals.h
@@ -65,14 +65,6 @@
#define kPosInfinity bit_cast<double>(DART_UINT64_C(0x7ff0000000000000))
#define kNegInfinity bit_cast<double>(DART_UINT64_C(0xfff0000000000000))
-// The expression ARRAY_SIZE(array) is a compile-time constant of type
-// size_t which represents the number of elements of the given
-// array. You should only use ARRAY_SIZE on statically allocated
-// arrays.
-#define ARRAY_SIZE(array) \
- ((sizeof(array) / sizeof(*(array))) / \
- static_cast<intptr_t>(!(sizeof(array) % sizeof(*(array))))) // NOLINT
-
#if defined(PRODUCT) && defined(DEBUG)
#error Both PRODUCT and DEBUG defined.
#endif // defined(PRODUCT) && defined(DEBUG)