Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: link Security.framework symbols without cgo #32604

Open
FiloSottile opened this issue Jun 13, 2019 · 1 comment
Open

crypto/x509: link Security.framework symbols without cgo #32604

FiloSottile opened this issue Jun 13, 2019 · 1 comment
Milestone

Comments

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Jun 13, 2019

Just like we link libSystem when CGO_ENABLED=0, we can probably do the same with Security.framework for obtaining the root CAs, and drop the horrible no-cgo fallback path that shells out to security. The latter is slow and makes some dangerous approximations due to not having access to the actual trust policies.

Suggested by @zx2c4.

@FiloSottile FiloSottile added this to the Go1.14 milestone Jun 13, 2019
@zx2c4

This comment has been minimized.

Copy link
Contributor

@zx2c4 zx2c4 commented Jun 13, 2019

and drop the horrible no-cgo fallback path that shells out to security.

And drop the cgo one too. There's not much of a strong reason for keeping cgo around when you can efficiently implement the same exact code in Go.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.