Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.11 backport] #32281

gopherbot opened this issue May 28, 2019 · 3 comments


Copy link

@gopherbot gopherbot commented May 28, 2019

@FiloSottile requested issue #28092 to be considered for backport to the next 1.11 minor release.

@gopherbot please open backport issues for

This fixes a crashing bug with no known workaround for certain macOS environments.

CL 178537 is very minimal and fit for backporting. (The rest of the chain, and CL 178539 in particular, are more speculative and only fix unrecognized roots for which there is a manual workaround, so let's not backport those.)

I feel like we should backport to both 1.11 and 1.12, since without this it's impossible to use 1.11 on certain macOS systems. (Although I guess using the next 1.12 point release could count as a "workaround"?)

Copy link

@gopherbot gopherbot commented May 29, 2019

Change mentions this issue: [release-branch.go1.11] crypto/x509: fix value ownership in isSSLPolicy on macOS

Copy link

@julieqiu julieqiu commented May 30, 2019

Approved since this is a serious problem with no workaround. Please follow the instructions at to create the cherrypick CL.

Copy link

@gopherbot gopherbot commented Jun 7, 2019

Closed by merging d497d80 to release-branch.go1.11.

@gopherbot gopherbot closed this Jun 7, 2019
gopherbot pushed a commit that referenced this issue Jun 7, 2019
…cy on macOS

CFDictionaryGetValueIfPresent does not take ownership of the value, so
releasing the properties dictionary before passing the value to CFEqual
can crash. Not really clear why this works most of the time.


Fixes #32281
Updates #28092
Updates #30763

Change-Id: I5ee7ca276b753a48abc3aedfb78b8af68b448dd4
Reviewed-by: Adam Langley <>
(cherry picked from commit a3d4655)
Run-TryBot: Dmitri Shuralyov <>
TryBot-Result: Gobot Gobot <>
Reviewed-by: Dmitri Shuralyov <>
@golang golang locked and limited conversation to collaborators Jun 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.