Closed
Description
I have a program that creates a custom certificate pool in several steps, loading various certificates that have different levels of access to the resources in the program. I would like to use one of the earlier stages as a separate certificate pool to ensure that only certificates from that pool can access a particular port.
Unfortunately the best solution seems to be to load the certificates twice since there is no way to clone pools. I see this has been suggested a number of times before, although each time the particular application suggested has been solved by a different method. The code to do this is already there in the copy method: I'm just suggesting we upper-case it.
See the very closely related:
#24540
dmitshur commented on Oct 21, 2019
/cc @FiloSottile @frankgreco
Title changed from "crypto/x509: enable deep copy of x509.CertPool" to "crypto/x509: add CertPool.Clone"
Title changed from "crypto/x509: add CertPool.Clone" to "proposal: crypto/x509: add CertPool.Clone"
FiloSottile commented on Mar 2, 2022
@golang/proposal-review, this would be a good thing to land in Go 1.19 along with CertPool.Equal #46057 and it's pretty easy after the Go 1.18 changes. /cc @golang/security
rsc commented on Mar 16, 2022
This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group
rsc commented on Mar 23, 2022
Does anyone object to adding this?
rsc commented on Mar 30, 2022
Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group
gopherbot commented on Apr 13, 2022
Change https://go.dev/cl/400175 mentions this issue:
crypto/x509: add CertPool.Clone
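The use case from the issue description, written against `CertPool.Clone` as available in Go 1.19 and later. This is an added example, not code from the issue or from the Go project; `newCA`, `stagedPools`, `trusts` and the CA names are hypothetical, and both certificates are constructed in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA returns a constructed, self-signed CA certificate (demo input only).
func newCA(cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// stagedPools (hypothetical) snapshots the admin-only stage, then keeps loading.
func stagedPools(adminCA, userCA *x509.Certificate) (adminOnly, full *x509.CertPool) {
	full = x509.NewCertPool()
	full.AddCert(adminCA)
	adminOnly = full.Clone() // independent copy of the earlier stage
	full.AddCert(userCA)     // later stage; must not show up in adminOnly
	return adminOnly, full
}

func trusts(pool *x509.CertPool, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool}) // chain must end in pool
	return err == nil
}

func main() {
	adminCA, err1 := newCA("constructed-admin-ca")
	userCA, err2 := newCA("constructed-user-ca")
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	adminOnly, full := stagedPools(adminCA, userCA)
	fmt.Println(trusts(adminOnly, userCA), trusts(full, userCA))
}
```

For the restricted port, the cloned pool would be the one assigned to `tls.Config.ClientCAs` on that listener, so certificates loaded in later stages are never accepted there.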