| 254 | } |
| 255 | |
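// TLSConfig returns a TLS configuration whose root CA pool is loaded
// from the Android system certificate directory. When OnAndroid reports
// false it returns (nil, nil).
//
// Errors from listing or reading the directory are returned rather than
// dropped, and an error is returned when no certificate could be parsed,
// so a partial or empty trust store is never handed back silently.
func TLSConfig() (*tls.Config, error) {
	if !OnAndroid() {
		return nil, nil
	}
	const certDir = "/system/etc/security/cacerts"
	fi, err := os.Stat(certDir)
	if err != nil {
		return nil, err
	}
	if !fi.IsDir() {
		return nil, fmt.Errorf("%q not a dir", certDir)
	}

	f, err := os.Open(certDir)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	// Readdirnames may return a partial listing together with an error.
	// Building the pool from that listing would omit trusted roots
	// without any signal to the caller, so the error is surfaced.
	names, err := f.Readdirnames(-1)
	if err != nil {
		return nil, fmt.Errorf("listing %q: %w", certDir, err)
	}

	pool := x509.NewCertPool()
	loaded := false
	for _, name := range names {
		data, err := os.ReadFile(filepath.Join(certDir, name))
		if err != nil {
			return nil, err
		}
		// A file with no parsable certificate is skipped; only the
		// overall outcome is checked below.
		if pool.AppendCertsFromPEM(data) {
			loaded = true
		}
	}
	// A non-nil but empty RootCAs pool makes every certificate
	// verification fail; report the cause here instead of at the first
	// handshake.
	if !loaded {
		return nil, fmt.Errorf("no certificates loaded from %q", certDir)
	}
	return &tls.Config{RootCAs: pool}, nil
}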
| 286 | |
| 287 | // NoteFileUploaded is a hook for pk-put to report that a file |
| 288 | // was uploaded. TODO: move this to pkg/client/android probably. |