crypto/x509: add Admin & User Keychains to FetchPEMRoots on Darwin
in root_cgo_darwin.go only certificates from the System Domain were being used in FetchPEMRoots. This patch adds support for getting certificates from all three domains (System, Admin, User). Also it will only read trusted certificates from those Keychains. Because it is possible to trust a non Root certificate, this patch also adds a checks to see if the Subject and Issuer name are the same. Fixes #14514 Change-Id: Ia03936d7a61d1e24e99f31c92f9927ae48b2b494 Reviewed-on: https://go-review.googlesource.com/20351Reviewed-by: Russ Cox <rsc@golang.org>
Showing
Please register or sign in to comment