-- |
-- Module      : System.X509
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unix only
--
-- This module is portable to unix systems, where there is usually
-- a /etc/ssl/certs with the system X509 certificates.
--
-- The path can be overridden at run time through the environment
-- variable named by 'envPathOverride' in this module, which by
-- default is SYSTEM_CERTIFICATE_PATH.
--
-- Trust-boundary note: when the override variable is set, its value is
-- the only location consulted; the built-in default paths are not read
-- in addition. The process environment is therefore part of what decides
-- which certificates end up in the returned store, so programs whose
-- environment can be influenced by a less-trusted party should clear or
-- pin this variable before calling 'getSystemCertificateStore'.
--
module System.X509.Unix
    ( getSystemCertificateStore
    ) where

import System.Environment (getEnv)
import Data.X509.CertificateStore

import Control.Applicative ((<$>))
import qualified Control.Exception as E

import Data.Maybe (catMaybes)
import Data.Monoid (mconcat)

-- | Locations probed when no override is present in the environment.
--
-- Every entry is handed to 'readCertificateStore'; the last entry names
-- a single file while the others name directories.
defaultSystemPaths :: [FilePath]
defaultSystemPaths =
    [ "/etc/ssl/certs/"                 -- linux
    , "/system/etc/security/cacerts/"   -- android
    , "/usr/local/share/certs/"         -- freebsd
    , "/etc/ssl/cert.pem"               -- openbsd
    ]

-- | Name of the environment variable that replaces 'defaultSystemPaths'.
envPathOverride :: String
envPathOverride = "SYSTEM_CERTIFICATE_PATH"

-- | Build the system certificate store.
--
-- Each path from 'getSystemPaths' is read with 'readCertificateStore';
-- paths that yield 'Nothing' are dropped without any report and the
-- remaining stores are merged with 'mconcat'. If no path yields a store
-- the result is the monoid identity of 'CertificateStore' (presumably an
-- empty store; callers that need trust anchors may want to check for
-- that case).
getSystemCertificateStore :: IO CertificateStore
getSystemCertificateStore = do
    paths  <- getSystemPaths
    stores <- mapM readCertificateStore paths
    return (mconcat (catMaybes stores))

-- | Decide which paths to read.
--
-- If reading 'envPathOverride' succeeds, its value is returned as the
-- sole path. The value is used as given: no check for emptiness and no
-- splitting on a separator. Any 'E.IOException' raised by 'getEnv'
-- selects 'defaultSystemPaths' instead.
getSystemPaths :: IO [FilePath]
getSystemPaths = (onlyPath <$> getEnv envPathOverride) `E.catch` useDefaults
  where
    -- The override replaces the defaults rather than extending them.
    onlyPath :: FilePath -> [FilePath]
    onlyPath p = [p]

    useDefaults :: E.IOException -> IO [FilePath]
    useDefaults _ = return defaultSystemPaths