how SSL_CERT_DIR works in golang (on linux systems)

Published: 2021-08-06 in golang

This applies to linux based systems only

Setting the environment variable SSL_CERT_DIR allows you to add some additional certificates to the (go) system cert pool, e.g. self-signed CAs for internal systems.

Note this is in addition to any root CAs that are already in your system level CA certificates files/bundles (see src/crypto/x509/root_linux.go;l=8-15

Side effect: setting this variable will cause the system to stop scanning the default cert directories;l=17-23.

To mitigate this, you can use colon syntax to make sure all locations you want are scanned.