Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: stop looking at first root store #38869

Open
FiloSottile opened this issue May 5, 2020 · 3 comments
Open

crypto/x509: stop looking at first root store #38869

FiloSottile opened this issue May 5, 2020 · 3 comments
Labels
NeedsFix
Milestone

Comments

@FiloSottile
Copy link
Contributor

@FiloSottile FiloSottile commented May 5, 2020

For some reason, when looking for a CA root store on UNIX we stop at the first good file, still look at directories, and not stop at the first good directory. On most systems the file, if it exists, is a bundling of the roots in the directory, and the directories are for different systems, not for combining.

We should probably make the function exit sooner.

@FiloSottile FiloSottile added the NeedsFix label May 5, 2020
@FiloSottile FiloSottile added this to the Backlog milestone May 5, 2020
@gopherbot
Copy link

@gopherbot gopherbot commented May 16, 2020

Change https://golang.org/cl/234257 mentions this issue: crypto/x509: rework how system roots are loaded on unix systems

@FiloSottile
Copy link
Contributor Author

@FiloSottile FiloSottile commented Oct 5, 2020

Like #39540, let's give crypto/x509 a rest in Go 1.16.

@dmitshur
Copy link
Contributor

@dmitshur dmitshur commented May 21, 2021

There's only a week until target date for 1.17 beta 1. I'll move this to Backlog since it doesn't seem someone is actively working on getting this in, but please update the issue if needed.

@dmitshur dmitshur removed this from the Go1.17 milestone May 21, 2021
@dmitshur dmitshur added this to the Backlog milestone May 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
NeedsFix
Projects
None yet
Development

No branches or pull requests

3 participants