crypto/tls: fetch root certificates using Mac OS API

Fixes #1009. R=adg, rsc CC=golang-dev https://golang.org/cl/5262041
2025-12-08 06:10:04 +00:00 · 2011-10-13 13:59:13 -04:00 · 2011-10-13 13:59:13 -04:00 · 38fb09b412
commit 38fb09b412
parent 604bd70085
9 changed files with 208 additions and 31 deletions
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@ -97,11 +97,9 @@ func (c *Conn) clientHandshake() os.Error {
 		certs[i] = cert
 	}

-	// If we don't have a root CA set configured then anything is accepted.
-	// TODO(rsc): Find certificates for OS X 10.6.
-	if c.config.RootCAs != nil {
+	if !c.config.InsecureSkipVerify {
 		opts := x509.VerifyOptions{
-			Roots:         c.config.RootCAs,
+			Roots:         c.config.rootCAs(),
 			CurrentTime:   c.config.time(),
 			DNSName:       c.config.ServerName,
 			Intermediates: x509.NewCertPool(),