New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: fetch root certificates using Mac OS API #1009
Labels
Comments
What about people who don't have MacPorts? This is a known issue - there's a TODO to that effect in the source code. My plan is to revise the networking code so that it can use host services and ask OS X for the root set or to validate the certificate. Owner changed to r...@golang.org. Status changed to Accepted. |
Comment 2 by dacc@exaptic.com: Yeah, my patch is admittedly a hack -- just thought I'd mention what I did to work around the problem. Should there be tickets in here for TODOs like this in the code, or is that overkill? |
The networking code now uses cgo, so it is time to fix this for real. The fix is to add new root_darwin.go, root_unix.go, and root_stub.go files to crypto/tls, all implementing initDefaultRoots(). The root_stub.go implementation would do nothing; root_darwin.go would call SecTrustCopyAnchorCertificates [1], root_unix.go would do the file reading currently in common.go. We will eventually want a root_windows.go too. [1] http://developer.apple.com/library/mac/#documentation/security/Reference/certifkeytrustservices/Reference/reference.html Labels changed: added os-macosx. Status changed to HelpWanted. |
This issue was closed by revision 38fb09b. Status changed to Fixed. |
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
Fixes golang#1009. R=adg, rsc CC=golang-dev https://golang.org/cl/5262041
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by dacc@exaptic.com:
The text was updated successfully, but these errors were encountered: