golang/go

crypto/x509: allow cert bundle path to be set by environment variable

gopherbot opened this issue · 7 comments

by viriketo:

Using go 1.0.2 on linux-x86_64.

It looks like Go https works with a hardcoded path to the ca-bundle list of accepted
certificates.

I think it would be nice if src/pkg/crypto/x509/root_unix.go could look at some
environment variable for an exclusive ca-cert.

In the GNU/Linux distribution NixOS we have the system ca-cert bundle sitting at a path
different than those hardcoded in root_unix.go, and I can patch go1.0.2 to make it work.
But users may want to have control over the trusted certificates when they run go
programs.

Comment 1:

Labels changed: added priority-later, packagechange, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

rsc commented

Comment 3:

Labels changed: added go1.3maybe.

rsc commented

Comment 4:

Labels changed: added release-none, removed go1.3maybe.

rsc commented

Comment 5:

Labels changed: added repo-main.

Comment 6 by sokolyuk:

Please add
"/etc/ssl/cacert.pem",                      // OmniOS
into pkg/crypto/x509/root_unix.go

Any thoughts on this @agl?

CL https://golang.org/cl/36093 mentions this issue.
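
An application-level way to get the behaviour requested in this issue, as an added example that is not part of the thread or of the Go source: the program takes an exclusive CA bundle path from an environment variable and fails closed when that bundle cannot be loaded. `EXAMPLE_CA_BUNDLE`, `rootsFromEnv` and `constructedCAPEM` are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// rootsFromEnv treats envVar (a hypothetical, caller-chosen name) as an exclusive PEM
// bundle: unset means system roots; set but unusable is an error, never a fallback.
func rootsFromEnv(envVar string) (*x509.CertPool, error) {
	path, ok := os.LookupEnv(envVar)
	if !ok {
		return x509.SystemCertPool()
	}
	pemBytes, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("%s: %w", envVar, err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("%s: no certificates in %s", envVar, path)
	}
	return pool, nil
}

// constructedCAPEM returns a throwaway self-signed CA: constructed input for offline trials.
func constructedCAPEM() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	pool, err := rootsFromEnv("EXAMPLE_CA_BUNDLE") // hypothetical variable name
	fmt.Println("roots loaded:", pool != nil, "error:", err)
}
```

The returned pool is what a program would set as `RootCAs` in its `tls.Config`; because the bundle replaces the system roots rather than extending them, a CA that is not in the file is not trusted.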