CVE-2017-1000097

EPSS 0.18%

Mishandled trust preferences for root certificates on Darwin in crypto/x509

Published: 5/24/2022Modified: 6/3/2024

Description

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

Affected packages (1)

Go/stdlibfrom 0, < 1.6.4, >= 1.7.0-0, < 1.7.4

References (3)

PATCHhttps://go.googlesource.com/go/+/7e5b2e0ec144d5f5b2923a7d5db0b9143f79a35a
REPORThttps://go.dev/issue/18141
WEBhttps://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ