Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
crypto/x509: root_darwin.go does not include trusted root certificates from System/Login keychains #20990
This is a bug for tracking the work on the certificate handling in the not cgo version of go.
Intentionally copied over the original bug description from here #14514.
On OS X Yosemite, this issue can be mitigated by installing the certificate into SystemRootCertificates.keychain via /usr/bin/security from the terminal:
However, on El Capitan this is no longer possible without turning off security protections enabled by Apple.
This bug makes distributing Go clients (especially 3rd-party developed) difficult in organizations with an internal PKI.
I recompiled golang
Any advice on how to get a workaround.
Confirmed. It works for me
@lmayorga1980 I'm not sure whether anything was committed because of this issue, but the 1.10 Go release is scheduled for February 1. https://github.com/golang/go/wiki/Go-Release-Cycle
Actually, as far as I can tell from the comments above, this is fixed in 1.9, so it is already in a core Go release. But to get a non-cgo version, you'll have to build it yourself, following the comments above, or as described at https://golang.org/doc/install/source setting
I'm going to close this issue because I don't see anything to do. Please comment if you disagree.