Skip to content

/ go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: stop looking at first root store #38869

Open
FiloSottile opened this issue May 5, 2020 · 2 comments
Open

crypto/x509: stop looking at first root store #38869

FiloSottile opened this issue May 5, 2020 · 2 comments
Labels
NeedsFix
Milestone
Go1.17

Comments

@FiloSottile
Copy link
Contributor

@FiloSottile FiloSottile commented May 5, 2020

For some reason, when looking for a CA root store on UNIX we stop at the first good file, still look at directories, and not stop at the first good directory. On most systems the file, if it exists, is a bundling of the roots in the directory, and the directories are for different systems, not for combining.

We should probably make the function exit sooner.
@FiloSottile FiloSottile added this to the Backlog milestone May 5, 2020
@gopherbot
Copy link

@gopherbot gopherbot commented May 16, 2020

Change https://golang.org/cl/234257 mentions this issue: crypto/x509: rework how system roots are loaded on unix systems
@FiloSottile
Copy link
Contributor Author

@FiloSottile FiloSottile commented Oct 5, 2020

Like #39540, let's give crypto/x509 a rest in Go 1.16.
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.17 Oct 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix
Projects
None yet
Milestone
Go1.17
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@FiloSottile @gopherbot