crypto/x509: SystemCertPool documentation is not clear that modifications to the cert pool supplied are isolated from other pools returned by the function #27385
Labels: Documentation, FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.)
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
Read the documentation for x509.SystemCertPool(). It looks like this today:
What did you expect to see?
I expected to see a really clear distinction for whether the pointer I receive is to an x509.CertPool that is shared between all callers of x509.SystemCertPool(), and whether changes I make affect other copies of the pool returned by the function.
What did you see instead?
I saw the sentence below, that points out that mutations to the returned pool are not written to disk, and that changes to the pool I'm given do not impact other pools.
I think the intention with the second part of the statement is to call out that mutations to a certificate pool returned in one call are not visible in certificate pools returned in other calls to x509.SystemCertPool() either before or after the mutation, but that isn't unequivocally clear.
The statement "do not affect any other pool" is ambiguous as to who the "any other pool"s are, because pools can be created in multiple ways that have nothing to do with the system certificate pool.
Example code I used to confirm that the code behaves this way
I ran the following code to confirm for myself whether x509.CertPools returned by x509.SystemCertPool() are isolated from each other and confirmed that they are.
Outputs:
Proposal
Change the documentation to read:
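The isolation this issue asks the documentation to spell out can be checked by verifying one certificate against several pools returned by x509.SystemCertPool(). The Go program below is an added example, not the reporter's original code and not text proposed for the Go documentation; newTestRoot, checkIsolation and the certificate name constructed-test-root are hypothetical, and the CA is generated at run time as constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTestRoot returns a throwaway self-signed CA (constructed sample, trusted by nothing).
func newTestRoot() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-test-root"}, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// checkIsolation reports whether the test root is trusted by a system pool fetched
// before the mutation, by the mutated pool, and by a pool fetched after the mutation.
func checkIsolation() (before, mutated, after bool, err error) {
	root, err := newTestRoot()
	if err != nil {
		return
	}
	var pools [3]*x509.CertPool
	for i := range pools {
		if pools[i], err = x509.SystemCertPool(); err != nil {
			return
		}
		if i == 1 {
			pools[i].AddCert(root) // only the second pool is modified
		}
	}
	trusts := func(p *x509.CertPool) bool { // true if root verifies with p as trust anchors
		_, err := root.Verify(x509.VerifyOptions{Roots: p, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
		return err == nil
	}
	return trusts(pools[0]), trusts(pools[1]), trusts(pools[2]), nil
}
func main() { fmt.Println(checkIsolation()) }
```

When the pools are isolated the program prints `false true false <nil>`: the extra trust anchor exists only in the pool it was added to, so a private CA added for one TLS configuration does not widen trust for code that calls x509.SystemCertPool() separately.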