mirror of https://github.com/tailscale/tailscale/
tempfork/x509: remove the bundle tag in our fork
We want to be able to omit from only one (not both)reviewable/pr331/r1
Brad Fitzpatrick
4 years ago
parent
28c632c97b
commit
d427fc023e
@ -1,21 +0,0 @@
|
||||
// Copyright 2020 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build darwin,arm64,x509omitbundledroots
|
||||
|
||||
// This file provides the loadSystemRoots func when the
|
||||
// "x509omitbundledroots" build tag has disabled bundling a copy,
|
||||
// which currently on happens on darwin/arm64 (root_darwin_arm64.go).
|
||||
// This then saves 256 KiB of binary size and another 560 KiB of
|
||||
// runtime memory size retaining the parsed roots forever. Constrained
|
||||
// environments can construct minimal x509 root CertPools on the fly
|
||||
// in the crypto/tls.Config.VerifyPeerCertificate hook.
|
||||
|
||||
package x509
|
||||
|
||||
import "errors"
|
||||
|
||||
func loadSystemRoots() (*CertPool, error) {
|
||||
return nil, errors.New("x509: system root bundling disabled")
|
||||
}
|
||||
@ -1,22 +0,0 @@
|
||||
// Copyright 2020 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build darwin,arm64,x509omitbundledroots
|
||||
|
||||
package x509
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestOmitBundledRoots(t *testing.T) {
|
||||
cp, err := loadSystemRoots()
|
||||
if err == nil {
|
||||
t.Fatalf("loadSystemRoots = (pool %p, error %v); want non-nil error", cp, err)
|
||||
}
|
||||
if !strings.Contains(err.Error(), "root bundling disabled") {
|
||||
t.Errorf("unexpected error doesn't mention bundling: %v", err)
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue