From 0ba4d599e412640248d4e688537aaea4c43ecbcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20B=C3=BCnemann?= <Felix.Buenemann@gmail.com>
Date: Mon, 25 Mar 2019 23:53:47 +0100
Subject: [PATCH] crypto/x509: check for default alpine ca bundle

Alpine Linux uses /etc/ssl/cert.pem as default ca-bundle which
is preinstalled since 3.7 and was installed as part of the libressl
package in 3.5 and 3.6.

The path /etc/ssl/certs/ca-certificates.crt is only valid if the full
ca-certificates package is installed by hand, which contains all
single CA certs and uses update-ca-certificates to bundle them.

The priority for /etc/ssl/certs/ca-certificates.crt should be kept
higher than /etc/ssl/cert.pem in case the user installed custom
CA certs.
---
 src/crypto/x509/root_linux.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index aa1785e4c6..267775dc5f 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -11,4 +11,5 @@ var certFiles = []string{
 	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
 	"/etc/pki/tls/cacert.pem",                           // OpenELEC
 	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+	"/etc/ssl/cert.pem",                                 // Alpine Linux
 }