Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: add new FreeBSD root store path [freeze exception] #46284

Closed
FiloSottile opened this issue May 20, 2021 · 2 comments
Closed

crypto/x509: add new FreeBSD root store path [freeze exception] #46284

FiloSottile opened this issue May 20, 2021 · 2 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.17

Comments

@FiloSottile
Copy link
Contributor

FreeBSD added a system root store that doesn't require installing a package. We should use that when it's available.

https://svnweb.freebsd.org/base?view=revision&revision=357082

There is a CL available already: https://golang.org/cl/321190

@golang/release, can I get a freeze exception for this? It's a very small change, platform specific, and lets us be more in sync with the trust policy of the platform.
@FiloSottile FiloSottile added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label May 20, 2021
@FiloSottile FiloSottile added this to the Go1.17 milestone May 20, 2021
lapo-luchini added a commit to lapo-luchini/go that referenced this issue May 20, 2021
@lapo-luchini
Add new FreeBSD 12.2+ trusted certificate folder
0fa5542 
Up to FreeBSD 12.1 the package ca_root_nss was needed in order to
have certificates under /usr/local/share/certs as the base system
didn't have a system-wide trusted certificate store.

This has been created in FreeBSD 12.2 in /etc/ssl/certs:
https://svnweb.freebsd.org/base?view=revision&revision=357082

Fixes golang#46284
@dmitshur
Copy link
Contributor

Thanks for requesting a freeze exception and letting us know. This certainly looks very reasonable for Go 1.17. Moving from NeedsDecision to NeedsFix.

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. labels May 20, 2021
@FiloSottile FiloSottile mentioned this issue May 20, 2021
Closed
@gopherbot
Copy link

Change https://golang.org/cl/321190 mentions this issue: crypto/x509: add new FreeBSD 12.2+ trusted certificate folder

@francislavoie francislavoie mentioned this issue May 29, 2021
Closed
@golang golang locked and limited conversation to collaborators May 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.17
Development

Successfully merging a pull request may close this issue.

crypto/x509: add new FreeBSD 12.2+ trusted certificate folder lapo-luchini/go
3 participants
@FiloSottile @dmitshur @gopherbot