[GODRIVER-351] Investigate Darwin root certs Go bug and workarounds

Created: 06/Apr/18
Updated: 02/May/19
Resolved: 02/May/19

Status: Closed
Project: Go Driver
Component/s: Networking
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: David Golden
Assignee: David Golden
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by GODRIVER-835 Querying Atlas sandbox cluster return... Closed
Related
related to GODRIVER-643 Verify server certificates using CAs ... Closed

 Description   

There are reports of problems reading default root CA certs from a user's keychain when a root cert pool is not provided in the TLS config. It's hard to tell the exact status, but it does not work correctly at least as of Go 1.9.4.

HashiCorp has a workaround which we could consider adopting or adapting (and are doing so for TOOLS-1948).

Or, if we can confirm this is fixed in some newer Go release, then we'll need to mandate that as a minimum on Darwin.

Some relevant issues can be found with this GitHub issue search



 Comments   
Comment by David Golden [ 02/May/19 ]

As of Go 1.12, CA certs in Keychains are supported if correctly installed.
