x509.SystemCertPool() return empty pool on macOS #53498

Closed
haoel opened this issue Jun 22, 2022 · 3 comments

haoel commented Jun 22, 2022

What version of Go are you using (go version)?

$ go version
go version go1.18.2 darwin/amd64

Does this issue reproduce with the latest release?

I assume the latest release is 1.18.2

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/chenhao/Library/Caches/go-build"
GOENV="/Users/chenhao/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/chenhao/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/chenhao/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.18.2/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.18.2/libexec/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.18.2"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/zz/rnjkjl3571d2w2k4vfs8y8cm0000gn/T/go-build2741412823=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Run the following code on macOS Monterey (12.4)

package main

import (
	"crypto/x509"
	"fmt"
	"log"
)

func main() {
	certs, err := x509.SystemCertPool()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("Num System Certs: %d\n", len(certs.Subjects()))
}

What did you expect to see?

The Num System Certs should not be 0.

What did you see instead?

The output is

$ go run main.go
Num System Certs: 0

Other information

$ uname -a
Darwin MacBookPro 21.5.0 Darwin Kernel Version 21.5.0: Tue Apr 26 21:08:22 PDT 2022; root:xnu-8020.121.3~4/RELEASE_X86_64 x86_64

$ security find-certificate -a  /Library/Keychains/System.keychain /System/Library/Keychains/SystemRootCertificates.keychain  ~/Library/Keychains/login.keychain | grep alis | wc
     228     904   11963

@seankhliao (Member)

from CertPool.Subjects:

> Deprecated: if s was returned by SystemCertPool, Subjects will not include the system roots.

seankhliao closed this as not planned Jun 22, 2022

haoel commented Jun 22, 2022

@seankhliao but why does it work on the Linux platform? And what is the best way to let the TLS use the system CA pool?

@mengzhuo (Contributor)

> @seankhliao but why does it work on the Linux platform? And what is the best way to let the TLS use the system CA pool?

For your reference: #46287

golang locked and limited conversation to collaborators Jun 24, 2023
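
On the question raised in the thread about letting TLS use the system CA pool, here is an added example (not code from the issue or from the Go project): it extends the system roots with a private CA and checks the resulting pool by verifying a chain, because, as the deprecation note quoted above says, `Subjects()` does not list system roots. The CA, the leaf, the host name `service.internal.example` and the helper names `must`, `newChain`, `clientConfig` and `trusts` are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // setup errors are fatal in this constructed example
	if err != nil {
		panic(err)
	}
	return v
}

// newChain builds a constructed private CA and a leaf for host, both generated in-process.
func newChain(host string) (ca, leaf *x509.Certificate) {
	caKey, leafKey := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{host}, NotBefore: caT.NotBefore, NotAfter: caT.NotAfter}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey))))
	return ca, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafT, ca, &leafKey.PublicKey, caKey))))
}

// clientConfig trusts the system roots (an empty pool if they cannot be loaded) plus one extra CA.
func clientConfig(extra *x509.Certificate) *tls.Config {
	pool, err := x509.SystemCertPool()
	if err != nil {
		pool = x509.NewCertPool()
	}
	pool.AddCert(extra)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// trusts checks a pool by validating a chain instead of counting pool.Subjects().
func trusts(pool *x509.CertPool, leaf *x509.Certificate, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	ca, leaf := newChain("service.internal.example")
	fmt.Println("trusted:", trusts(clientConfig(ca).RootCAs, leaf, "service.internal.example"))
}
```

When no extra CA is needed, leaving `tls.Config.RootCAs` nil makes crypto/tls use the host's root CA set, so no pool has to be built at all.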