crypto/x509: untrusted intermediates are not used on macOS #35631
Description
What version of Go are you using (go version)?
$ go version go version go1.13.4 darwin/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env GO111MODULE="" GOARCH="amd64" GOBIN="" GOCACHE="/Users/xhp9/Library/Caches/go-build" GOENV="/Users/xhp9/Library/Application Support/go/env" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="darwin" GONOPROXY="" GONOSUMDB="" GOOS="darwin" GOPATH="/Users/xhp9" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/local/Cellar/go/1.13.4/libexec" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/local/Cellar/go/1.13.4/libexec/pkg/tool/darwin_amd64" GCCGO="gccgo" AR="ar" CC="clang" CXX="clang++" CGO_ENABLED="1" GOMOD="/Users/xhp9/src/github.com/nordstrom/kubelogin/go.mod" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/qy/p4t6xtws5yv8llv3wg15ck9rztrl8v/T/go-build395049258=/tmp/go-build -gno-record-gcc-switches -fno-common"
What did you do?
Open http connection to a remote server using internal certificate. Web browsers have no issue accepting the certificate.
A workaround is to set the issuing CA to Always Trust in the keychain. Using system defaults does not work.
Basically this seems to be the same issue as #30471 or #30672 except I get a failure even with CGO_ENABLED=0.
What did you expect to see?
No error.
What did you see instead?
x509: certificate signed by unknown authority