+ Certificate.Verify
+ now uses platform APIs to verify certificate validity on macOS and iOS when it
+ is called with a nil
+ VerifyOpts.Roots
+ or when using the root pool returned from
+ SystemCertPool.
+
+ SystemCertPool
+ is now available on Windows.
+
+ On Windows, macOS, and iOS, when a
+ CertPool returned by
+ SystemCertPool
+ has additional certificates added to it,
+ Certificate.Verify
+ will do two verifications: one using the platform verifier APIs and the
+ system roots, and one using the Go verifier and the additional roots.
+ Chains returned by the platform verifier APIs will be prioritized.
+
+ CertPool.Subjects
+ is deprecated. On Windows, macOS, and iOS the
+ CertPool returned by
+ SystemCertPool
+ will return a pool which does not include system roots in the slice
+ returned by Subjects, as a static list can't appropriately
+ represent the platform policies and might not be available at all from the
+ platform APIs.
+