// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build aix || dragonfly || freebsd || (js && wasm) || linux || netbsd || openbsd || solaris || wasip1

package x509

import (
	
	
	
	
)

const (
	// certFileEnv is the environment variable which identifies where to locate
	// the SSL certificate file. If set this overrides the system default.
	certFileEnv = "SSL_CERT_FILE"

	// certDirEnv is the environment variable which identifies which directory
	// to check for SSL certificate files. If set this overrides the system default.
	// It is a colon separated list of directories.
	// See https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html.
	certDirEnv = "SSL_CERT_DIR"
)

func ( *Certificate) ( *VerifyOptions) ( [][]*Certificate,  error) {
	return nil, nil
}

func loadSystemRoots() (*CertPool, error) {
	 := NewCertPool()

	 := certFiles
	if  := os.Getenv(certFileEnv);  != "" {
		 = []string{}
	}

	var  error
	for ,  := range  {
		,  := os.ReadFile()
		if  == nil {
			.AppendCertsFromPEM()
			break
		}
		if  == nil && !os.IsNotExist() {
			 = 
		}
	}

	 := certDirectories
	if  := os.Getenv(certDirEnv);  != "" {
		// OpenSSL and BoringSSL both use ":" as the SSL_CERT_DIR separator.
		// See:
		//  * https://golang.org/issue/35325
		//  * https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html
		 = strings.Split(, ":")
	}

	for ,  := range  {
		,  := readUniqueDirectoryEntries()
		if  != nil {
			if  == nil && !os.IsNotExist() {
				 = 
			}
			continue
		}
		for ,  := range  {
			,  := os.ReadFile( + "/" + .Name())
			if  == nil {
				.AppendCertsFromPEM()
			}
		}
	}

	if .len() > 0 ||  == nil {
		return , nil
	}

	return nil, 
}

// readUniqueDirectoryEntries is like os.ReadDir but omits
// symlinks that point within the directory.
func readUniqueDirectoryEntries( string) ([]fs.DirEntry, error) {
	,  := os.ReadDir()
	if  != nil {
		return nil, 
	}
	 := [:0]
	for ,  := range  {
		if !isSameDirSymlink(, ) {
			 = append(, )
		}
	}
	return , nil
}

// isSameDirSymlink reports whether fi in dir is a symlink with a
// target not containing a slash.
func isSameDirSymlink( fs.DirEntry,  string) bool {
	if .Type()&fs.ModeSymlink == 0 {
		return false
	}
	,  := os.Readlink(filepath.Join(, .Name()))
	return  == nil && !strings.Contains(, "/")
}