crypto/x509: honor OS X certificate trust settings

[quentinmit]

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
Thanks to Xy Ziemba for identifying and reporting this issue.

[gopherbot]

CL https://golang.org/cl/33721 mentions this issue.

[gopherbot]

CL https://golang.org/cl/33727 mentions this issue.

[gopherbot]

CL https://golang.org/cl/33728 mentions this issue.

[micahlmartin]

I'm using terraform which has included this fix in it's latest version. The problem I'm having on my mac is that I'm getting net/http: TLS handshake timeout errors when trying to access any tls endpoints through this library. I'm on a corporate laptop that's pretty locked down so I'm sure it has something to do with it, but I'm not sure what I need to do to try and work around it. Any guidance would be much appreciated. Thanks!

[quentinmit]

@micahlmartin The changes for this bug should not be able to affect TLS handshake timeouts. Please open a new bug.