[GODRIVER-351] Investigate Darwin root certs Go bug and workarounds Created: 06/Apr/18 Updated: 02/May/19 Resolved: 02/May/19 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Networking |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | David Golden | Assignee: | David Golden |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
| Description |
|
There are reports of problems reading default root CA certs from a user's keychain when a root cert pool is not provided in the TLS config. It's hard to tell the exact status, but it does not work correctly at least as of Go 1.9.4. Hashicorp has a workaround which we could consider adopting or adapting (and are doing so for Or, if we can confirm this is fixed in some newer Go release, then we'll need to mandate that as a minimum on Darwin. Some relevant issues can be found with this GitHub issue search |
| Comments |
| Comment by David Golden [ 02/May/19 ] |
|
As of Go 1.12, CA certs in Keychains are supported if correctly installed. |