FAQ
I've been playing with Russ's IMAP package and his gmail command (very
cool, check out code.google.com/p/rsc/gmail) on Plan 9, in the hopes of
putting together my own email system there.

I had a little hassle getting TLS working because crypto/x509 doesn't seem
to be fully implemented for Plan 9. Check out
src/pkg/crypto/x509/root_stub.go. In order to get things working properly,
I copied over ca-certificates.crt to /sys/lib/tls on Plan 9, and applied
the patch shown at the end of the email. Now, I'm not sure it's the best
way to do things--it certainly sucks having to get ca-certificates.crt from
a Linux/*BSD box--but it does work with a very minimal change. If there's
someone out there with a better way to do the TLS stuff under Plan 9, I'd
be happy to hear it, I just don't know Plan 9's TLS code well enough to
make it work that way.

John


diff -r 95fb3bcdc941 src/pkg/crypto/x509/root_stub.go
--- a/src/pkg/crypto/x509/root_stub.go Thu Sep 06 14:58:37 2012 -0700
+++ b/src/pkg/crypto/x509/root_stub.go Mon Sep 24 16:18:24 2012 -0700
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

-// +build plan9 darwin,!cgo
+// +build darwin,!cgo

package x509

diff -r 95fb3bcdc941 src/pkg/crypto/x509/root_unix.go
--- a/src/pkg/crypto/x509/root_unix.go Thu Sep 06 14:58:37 2012 -0700
+++ b/src/pkg/crypto/x509/root_unix.go Mon Sep 24 16:18:24 2012 -0700
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

-// +build freebsd linux openbsd netbsd
+// +build freebsd linux openbsd netbsd plan9

package x509

@@ -15,6 +15,7 @@
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/ssl/cert.pem", // OpenBSD
"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD
+ "/sys/lib/tls/ca-certificates.crt", // Plan 9
}

func (c *Certificate) systemVerify(opts *VerifyOptions) (chains
[][]*Certificate, err error) {

--

Search Discussions

  • David du Colombier at Sep 25, 2012 at 7:58 am

    I had a little hassle getting TLS working because crypto/x509 doesn't
    seem to be fully implemented for Plan 9. Check out
    src/pkg/crypto/x509/root_stub.go. In order to get things working
    properly, I copied over ca-certificates.crt to /sys/lib/tls on Plan
    9, and applied the patch shown at the end of the email. Now, I'm not
    sure it's the best way to do things--it certainly sucks having to get
    ca-certificates.crt from a Linux/*BSD box--but it does work with a
    very minimal change. If there's someone out there with a better way
    to do the TLS stuff under Plan 9, I'd be happy to hear it, I just
    don't know Plan 9's TLS code well enough to make it work that way.
    I've done a similar change on my Go installation on Plan 9,
    except that I've used a distinct root_plan9.go file.

    Since the native implementation of X.509 on Plan 9 doesn't
    support certification path validation, certificate authorities
    were meaningless on Plan 9, and thus there are still no standard
    file to store root certificates.

    Let's call it /sys/lib/tls/ca.crt and we're done with it.

    What do you think?

    --
    David du Colombier

    --
  • John Floren at Sep 25, 2012 at 3:18 pm

    On Tue, Sep 25, 2012 at 12:56 AM, David du Colombier wrote:
    I had a little hassle getting TLS working because crypto/x509 doesn't
    seem to be fully implemented for Plan 9. Check out
    src/pkg/crypto/x509/root_stub.go. In order to get things working
    properly, I copied over ca-certificates.crt to /sys/lib/tls on Plan
    9, and applied the patch shown at the end of the email. Now, I'm not
    sure it's the best way to do things--it certainly sucks having to get
    ca-certificates.crt from a Linux/*BSD box--but it does work with a
    very minimal change. If there's someone out there with a better way
    to do the TLS stuff under Plan 9, I'd be happy to hear it, I just
    don't know Plan 9's TLS code well enough to make it work that way.
    I've done a similar change on my Go installation on Plan 9,
    except that I've used a distinct root_plan9.go file.

    Since the native implementation of X.509 on Plan 9 doesn't
    support certification path validation, certificate authorities
    were meaningless on Plan 9, and thus there are still no standard
    file to store root certificates.

    Let's call it /sys/lib/tls/ca.crt and we're done with it.

    What do you think?

    --
    David du Colombier

    --
    Works for me, I don't particularly care if we do it in root_unix.go or
    root_plan9.go, although if we do root_plan9.go we'll just be
    duplicating code. /sys/lib/tls/ca.crt sounds fine to me too.


    john

    --

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedSep 24, '12 at 11:26p
activeSep 25, '12 at 3:18p
posts3
users2
websitegolang.org

2 users in discussion

John Floren: 2 posts David du Colombier: 1 post

People

Translate

site design / logo © 2022 Grokbase