Roland Bracewell Shoemaker
Roland Bracewell Shoemaker
Seems like a reasonable optimization, I'd be happy to take a look if you'd like to send a CL.
The least worst option I can think of: we insert a static certificate into the builder images for macos and windows, and use it to sign local certificates. For testing...
Plan is: basically above. We'll generate a _highly_ constrained root, which will be used for testing. Rather than a flag that lets the user insert it into their own pool,...
This change has landed (🎉), the next step is for @golang/release (I think) to insert the root (https://github.com/golang/go/blob/master/src/crypto/x509/platform_root_cert.pem) into the trust stores for the windows and darwin builder images (happy...
Ideally I think getting this working before we fully switch to LUCI would be ideal, but I understand if it's a relatively lower priority. The old tests are still in-tree,...
Ah yes, I completely missed that. I'll be happy to remove those tests.
Based on the LUCI results, I am under the impression the test root has only been added to the TryBot builders, but not the LUCI builders (which show the skip...
crypto/tls is the only place I can think of off in the standard library where we'd want to upgrade I think. I've seen the currying pattern a handful of times...
This appears to be a combination of https://github.com/chromium/badssl.com/issues/515, and a change in the verification error precedence in macOS 13 (previously revoked seemed to take precedence over expiration, whereas now it's...