It was found that user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. Upstream bug: https://github.com/golang/go/issues/18141 Upstream patch: https://go-review.googlesource.com/#/c/33721/ External Reference: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
Created golang tracking bugs for this issue: Affects: fedora-all [bug 1404638] Affects: epel-all [bug 1404639]