crypto/x509: verification with system and custom roots
Make system cert pools special, such that when one has extra roots added to it we run verifications twice, once using the platform verifier, if available, and once using the Go verifier, merging the results. This change re-enables SystemCertPool on Windows, but explicitly does not return anything from CertPool.Subjects (which matches the behavior of macOS). CertPool.Subjects is also marked deprecated. Fixes #46287 Fixes #16736 Change-Id: Idc1843f715ae2b2d0108e55ab942c287181a340a Reviewed-on: https://go-review.googlesource.com/c/go/+/353589 Reviewed-by:Filippo Valsorda <filippo@golang.org> Trust: Roland Shoemaker <roland@golang.org>
Loading
Please sign in to comment