Commit - go-fedora - 3705d34af14eb7aea26a2e0ce97bf6e3b09b0c28

go-fedora

`3705d34` [release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (no-cgo path)

Authored and Committed by Filippo Valsorda 5 years ago

raw patch tree parent

1 file changed. 67 lines added. 44 lines removed.

    [release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (no-cgo path)
    
    Certificates without any trust settings might still be in the keychain
    (for example if they used to have some, or if they are intermediates for
    offline verification), but they are not to be trusted. The only ones we
    can trust unconditionally are the ones in the system roots store.
    
    Moreover, the verify-cert invocation was not specifying the ssl policy,
    defaulting instead to the basic one. We have no way of communicating
    different usages in a CertPool, so stick to the WebPKI use-case as the
    primary one for crypto/x509.
    
    Updates #24652
    Fixes #26039
    
    Change-Id: Ife8b3d2f4026daa1223aa81fac44aeeb4f96528a
    Reviewed-on: https://go-review.googlesource.com/c/128116
    Reviewed-by: Adam Langley <agl@google.com>
    Reviewed-by: Adam Langley <agl@golang.org>
    (cherry picked from commit aa2415807781ba84bf917c62cb983dc1a44f2ad1)
    Reviewed-on: https://go-review.googlesource.com/c/162861
    Run-TryBot: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: Andrew Bonventre <andybons@golang.org>

src/crypto/x509/root_darwin.go

file modified

+67 -44

go-fedora

Source Code

3705d34 [release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (no-cgo path)

Authored and Committed by Filippo Valsorda 5 years ago

`3705d34` [release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (no-cgo path)