Hello, I've found a behavior change in go1.9.x and I'm not sure if this can be considered a bug or not.
I prepared a small POC to explain this: https://gitlab.com/nolith-tests/go-lang-tls-connection-state/blob/master/main.go func dumpConnectionState(url string) { fmt.Println("URL", url, "with", runtime.Version()) r, err := http.Head(url) if err != nil { panic(err) } fmt.Println("VerifiedChains len", len(r.TLS.VerifiedChains)) for i, verifiedChain := range r.TLS.VerifiedChains { fmt.Println("Chain #", i) for j, certificate := range verifiedChain { signature := hex.EncodeToString(certificate.Signature) fmt.Println("[", j, "] =>", certificate.Subject.CommonName, signature) } } } This function will perform HTTPS HEAD request and then dump the VerifiedChains, in a vanilla Linux environment, this program behaves exactly the same if compiled with go1.8.7 or go1.9.4 But when the leaf certificate is added to /etc/ssl/certs/ go1.8 will still dump the whole chain, but go1.9 will print only the leaf certificate skipping the rest of the chain. Diff of the outputs: https://gitlab.com/nolith-tests/go-lang-tls-connection-state/-/jobs/60324091 Can this be considered a bug? There is some workaround I can use to get go1.8 behavior on go1.9? Thank you, Alessio -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
