On Darwin, user's trust preferences for root certificates...
High severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Oct 5, 2017
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Jan 28, 2023
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
References