Description
Go version
go version go1.22.2 linux/amd64
Output of go env in your module/workspace:
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/dani/.cache/go-build'
GOENV='/home/dani/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/dani/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/dani/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/lib/go-1.22'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/lib/go-1.22/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.2'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1471836164=/tmp/go-build -gno-record-gcc-switches'
What did you do?
Running with SSL_CERT_DIR directed to a location with a file named root.ca with root certificates
What did you see happen?
Golang loaded the root certs from the file and used them to verify SSL connections
What did you expect to see?
The SSL_CERT_DIR is only used in OpenSSL to look for files with a single certificate inside and the name should be the hash of the certificate.
The process is documented here.
The documentation above the const in the code even links to the man page for the c_rehash tool that goes over a directory and creates those hashed files (links) - so that OpenSSL can consume them.
In this comment someone validated that this env var is being treated as a comma separated list - but that function is only called from X509_LOOKUP_hash_dir, which uses that hash technique from above.
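
An added example, not part of the original report and not code from the Go project: a small audit that lists the files in a certificate directory that hold PEM certificates and marks which names have the link form `c_rehash` creates (eight hex digits, a dot, a sequence number). The names `AuditCertDir`, `Entry` and `hashedName` are hypothetical; entries reported with `Hashed:false`, such as the `root.ca` file described above, are the ones the report says Go trusts without a hashed name.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"os"
	"regexp"
)

// hashedName matches the link names c_rehash creates: 8 hex digits, a dot, a sequence number.
var hashedName = regexp.MustCompile(`^[0-9a-f]{8}\.[0-9]+$`)

// Entry describes one certificate-bearing file (hypothetical type for this example).
type Entry struct {
	Name   string
	Hashed bool // file name has the c_rehash form
	Certs  int  // PEM CERTIFICATE blocks in the file
}

// AuditCertDir returns every file in dir holding at least one PEM certificate, sorted by name.
func AuditCertDir(dir string) ([]Entry, error) {
	items, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var out []Entry
	for _, it := range items {
		data, err := os.ReadFile(dir + "/" + it.Name())
		if err != nil {
			continue // subdirectory, dangling link or unreadable file
		}
		n := 0
		for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
			if b.Type == "CERTIFICATE" {
				n++
			}
		}
		if n > 0 {
			out = append(out, Entry{Name: it.Name(), Hashed: hashedName.MatchString(it.Name()), Certs: n})
		}
	}
	return out, nil
}

func main() {
	for _, dir := range os.Args[1:] { // pass each directory from SSL_CERT_DIR as an argument
		entries, err := AuditCertDir(dir)
		fmt.Printf("%s: %+v err=%v\n", dir, entries, err)
	}
}
```

Run it with each directory listed in `SSL_CERT_DIR` as an argument and review any entry whose name is not in hashed form or that carries more than one certificate.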