crypto/x509: stop looking at first root store #38869

Open
FiloSottile opened this issue May 5, 2020 · 2 comments

@FiloSottile FiloSottile commented May 5, 2020

For some reason, when looking for a CA root store on UNIX we stop at the first good file, still look at directories, and do not stop at the first good directory. On most systems the file, if it exists, is a bundling of the roots in the directory, and the directories are for different systems, not for combining.

We should probably make the function exit sooner.

@FiloSottile FiloSottile added the NeedsFix label May 5, 2020
@FiloSottile FiloSottile added this to the Backlog milestone May 5, 2020
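
The difference between the loading order described above and exiting at the first good source, as an added Go example that is not part of the issue thread and is not crypto/x509's code. `addCerts`, `load` and `extraRoots` are hypothetical names, the candidate paths are supplied by the caller, and a "good" source is assumed to be one that yields at least one PEM `CERTIFICATE` block (blocks are fingerprinted, not parsed).

```go
package main

import (
	"crypto/sha256"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// addCerts records the SHA-256 of every PEM CERTIFICATE block found in path.
func addCerts(roots map[[32]byte]bool, path string) {
	data, _ := os.ReadFile(path) // missing or unreadable: nothing to decode
	for blk, rest := pem.Decode(data); blk != nil; blk, rest = pem.Decode(rest) {
		if blk.Type == "CERTIFICATE" {
			roots[sha256.Sum256(blk.Bytes)] = true
		}
	}
}

// load: stopEarly=false is the described behaviour; true exits at the first good source.
func load(files, dirs []string, stopEarly bool) map[[32]byte]bool {
	roots := map[[32]byte]bool{}
	for i := 0; i < len(files) && len(roots) == 0; i++ {
		addCerts(roots, files[i]) // both variants stop at the first good file
	}
	for _, d := range dirs {
		if stopEarly && len(roots) > 0 {
			break
		}
		entries, _ := os.ReadDir(d)
		for _, e := range entries {
			addCerts(roots, filepath.Join(d, e.Name()))
		}
	}
	return roots
}

// extraRoots returns roots loaded only because directories are still merged in.
func extraRoots(files, dirs []string) map[[32]byte]bool {
	all := load(files, dirs, false)
	for fp := range load(files, dirs, true) {
		delete(all, fp)
	}
	return all
}

func main() { // each argument is tried as a bundle file and as a directory
	fmt.Println(len(extraRoots(os.Args[1:], os.Args[1:])), "extra roots")
}
```

A non-empty result from `extraRoots` means the resulting trust set is a union of stores meant for different systems, which is the condition the issue wants to avoid.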

@gopherbot gopherbot commented May 16, 2020

Change https://golang.org/cl/234257 mentions this issue: crypto/x509: rework how system roots are loaded on unix systems


@FiloSottile FiloSottile commented Oct 5, 2020

Like #39540, let's give crypto/x509 a rest in Go 1.16.

@FiloSottile FiloSottile modified the milestones: Backlog, Go1.17 Oct 5, 2020