chriskilding
commented
2 years ago My own testing with the following Go 'hello world' HTTPS program, run behind an HTTPS proxy, shows that TLS verification via the Keychain 'just works' with any recent Go version:
package main
import (
"fmt"
"net/http"
)
func main() {
resp, _ = http.Get("https://www.example.com")
if resp.StatusCode >= 200 {
fmt.Println("Success")
}
}I.e. demonstrating that Go can utilise the TLS root certificates in the OS trust store.
I have not been able to track down the commit or PR that first added support for this, but there have been several improvements to the feature over time such as:
- https://github.com/golang/go/commit/4f234814831c48a3bbc2b9a2d00242fad890facf (Dec 2013, Go v1.3)
- https://github.com/golang/go/commit/6cd698d71da92aeb4540c378213ac4a1c6687097 (May 2016, Go v1.7)
- https://github.com/golang/go/commit/4dbcacda961abb0ca3490dc06923fa7ab344d702 (July 2017, Go v1.9)
So Go has clearly supported this for a long time.
Tracking support for native TLS certificate verification in Go (Golang).