- Notifications
You must be signed in to change notification settings - Fork18.4k
Closed
Milestone
Description
Please answer these questions before submitting your issue. Thanks!
What did you do?
$ cat main.gopackage mainimport ("crypto/x509""fmt""log")funcmain() {certs,err:=x509.SystemCertPool()iferr!=nil {log.Fatal(err)}fmt.Printf("Num System Certs: %d\n",len(certs.Subjects()))}
$ CGO_ENABLED=0 go run main.goNum System Certs: 188$ CGO_ENABLED=1 go run main.goNum System Certs: 168What did you expect to see?
I expected to see the same number of certificates regardless of whether I used cgo.
What did you see instead?
The implementation using CGO resulted in fewer system certificates, which causes problems for our tooling that relies on one of those missing certificates to be in theSystemCertPool.
System details
go version go1.10.1 darwin/amd64GOARCH="amd64"GOBIN=""GOCACHE="/Users/jhenke/Library/Caches/go-build"GOEXE=""GOHOSTARCH="amd64"GOHOSTOS="darwin"GOOS="darwin"GOPATH="/Users/jhenke"GORACE=""GOROOT="/usr/local/go"GOTMPDIR=""GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"GCCGO="gccgo"CC="clang"CXX="clang++"CGO_ENABLED="1"CGO_CFLAGS="-g -O2"CGO_CPPFLAGS=""CGO_CXXFLAGS="-g -O2"CGO_FFLAGS="-g -O2"CGO_LDFLAGS="-g -O2"PKG_CONFIG="pkg-config"GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/_b/gz_w_nfj0_33f5y3s_0pg8xs080pym/T/go-build925272903=/tmp/go-build -gno-record-gcc-switches -fno-common"GOROOT/bin/go version: go version go1.10.1 darwin/amd64GOROOT/bin/go tool compile -V: compile version go1.10.1uname -v: Darwin Kernel Version 16.7.0: Mon Nov 13 21:56:25 PST 2017; root:xnu-3789.72.11~1/RELEASE_X86_64ProductName:Mac OS XProductVersion:10.12.6BuildVersion:16G1114lldb --version: lldb-900.0.64 Swift-4.0