crypto/x509: stop looking at first root store #38869

FiloSottile · 2020-05-05T04:47:47Z

For some reason, when looking for a CA root store on UNIX we stop at the first good file, still look at directories, and not stop at the first good directory. On most systems the file, if it exists, is a bundling of the roots in the directory, and the directories are for different systems, not for combining.

We should probably make the function exit sooner.

gopherbot · 2020-05-16T03:04:07Z

Change https://golang.org/cl/234257 mentions this issue: crypto/x509: rework how system roots are loaded on unix systems

FiloSottile · 2020-10-05T17:49:38Z

Like #39540, let's give crypto/x509 a rest in Go 1.16.

dmitshur · 2021-05-21T18:52:35Z

There's only a week until target date for 1.17 beta 1. I'll move this to Backlog since it doesn't seem someone is actively working on getting this in, but please update the issue if needed.

FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label May 5, 2020

FiloSottile added this to the Backlog milestone May 5, 2020

FiloSottile modified the milestones: Backlog, Go1.17 Oct 5, 2020

FiloSottile mentioned this issue May 20, 2021

crypto/x509: use platform verifier on Windows, macOS and iOS #46287

Closed

dmitshur modified the milestones: Go1.17, Backlog May 21, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto/x509: stop looking at first root store #38869

crypto/x509: stop looking at first root store #38869

FiloSottile commented May 5, 2020

gopherbot commented May 16, 2020

FiloSottile commented Oct 5, 2020

dmitshur commented May 21, 2021

crypto/x509: stop looking at first root store #38869

crypto/x509: stop looking at first root store #38869

Comments

FiloSottile commented May 5, 2020

gopherbot commented May 16, 2020

FiloSottile commented Oct 5, 2020

dmitshur commented May 21, 2021