[release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (cgo path)
The cgo path was not taking policies into account, using the last security setting in the array whatever it was. Also, it was not aware of the defaults for empty security settings, and for security settings without a result type. Finally, certificates restricted to a hostname were considered roots. The API docs for this code are partial and not very clear, so this is a best effort, really. Updates #24652 Updates #26039 Change-Id: I8fa2fe4706f44f3d963b32e0615d149e997b537d Reviewed-on: https://go-review.googlesource.com/c/128056 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:Adam Langley <agl@google.com> Reviewed-by:
Adam Langley <agl@golang.org> (cherry picked from commit f6be1cf1) Reviewed-on: https://go-review.googlesource.com/c/162860 Reviewed-by:
Andrew Bonventre <andybons@golang.org>
Loading
Please sign in to comment