crypto/x509: CertPools do not equal each other in 1.16 #45891

@pcman312

What version of Go are you using (go version)?

$ go version
go version go1.16.3 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="$HOME/Library/Caches/go-build"
GOENV="$HOME/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="$HOME/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="$HOME/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="$HOME/dev/go-bin/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="$HOME/dev/go-bin/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.16.3"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="$HOME/go/src/github.com/hashicorp/vault/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/_x/qxg_n2l15nzblrs1_sm_5_qw0000gp/T/go-build3017105958=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Create two *x509.CertPool objects from the same PEM []byte and then compare them with reflect.DeepEqual:
https://play.golang.com/p/ktVmOf0Qo9W

What did you expect to see?

They should equal each other

What did you see instead?

They did not equal each other

Additional notes

I ran this against Go 1.15.11 and they came out as equal, but in 1.16.3 (and 1.16.2) they are not equal. I also got the same results when wrapping the CertPool in a *tls.Config then comparing against a Cloned config.
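
The comparison described in this report, as an added example that is not part of the original issue or the Go project's code: two pools are built from the same PEM bytes and compared with both reflect.DeepEqual and CertPool.Equal, a content-based method available since Go 1.19, which is newer than the versions in the report. The certificate is generated at run time as constructed sample input, and the helper names newCertPEM, poolFromPEM and comparePools are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"reflect"
	"time"
)

// newCertPEM returns a self-signed certificate as PEM (constructed sample input).
func newCertPEM(cn string) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// poolFromPEM builds a fresh pool from PEM bytes, as the report does.
func poolFromPEM(p []byte) *x509.CertPool {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(p) {
		panic("no certificate parsed from PEM")
	}
	return pool
}

// comparePools returns the reflect.DeepEqual result (unexported struct
// internals) and the CertPool.Equal result (pool contents) for one pair.
func comparePools(a, b *x509.CertPool) (deep, content bool) {
	return reflect.DeepEqual(a, b), a.Equal(b)
}

func main() {
	p := newCertPEM("example-root-a") // made-up common name
	deep, content := comparePools(poolFromPEM(p), poolFromPEM(p))
	fmt.Printf("same PEM: DeepEqual=%v Equal=%v\n", deep, content)
}
```

Tests and configuration-drift checks that compare trust stores should rely on the Equal result, since reflect.DeepEqual walks the pool's unexported fields rather than the set of certificates it holds.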
