v1.10.0
The CA pool allows using system CAs in addition to the CAs at the provided path. This introduces a minor backward incompatibility in some functions.
The affected functions:
- Generic: NewCertPool
- Server: StartTLS, ListenAndServeMTLS, TLSClientCert
- Client: TLSRootCerts
Note: On a server, the role of mTLS is to authorize only certain clients to connect, so enable system CAs only if they are reasonable for authentication, for example when they are under the control of the system operator.
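
The effect described in the note, as an added example that is not this library's code: it uses only Go's standard `crypto/x509`, and the helper names `issue` and `scenario` are hypothetical. The "system" CA is a constructed stand-in for the host trust store, and all certificates are generated in memory.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// scenario reports which clients a server authorizes for a given client-CA pool.
func scenario(useSystemCAs bool) (ourClient, otherClient bool) {
	ownCA, ownKey := issue("operator CA", nil, nil)        // CA on the provided path
	sysCA, sysKey := issue("stand-in system CA", nil, nil) // real code: x509.SystemCertPool()
	ours, _ := issue("our client", ownCA, ownKey)
	other, _ := issue("other client", sysCA, sysKey)
	pool := x509.NewCertPool() // pool the server verifies client certificates against
	pool.AddCert(ownCA)
	if useSystemCAs {
		pool.AddCert(sysCA)
	}
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	_, errOurs := ours.Verify(opts)
	_, errOther := other.Verify(opts)
	return errOurs == nil, errOther == nil
}

func main() {
	fmt.Println(scenario(false)) // path-provided CA only
	fmt.Println(scenario(true))  // path-provided CA plus system CAs
}
```

With the system CAs in the pool, any client holding a certificate from any of those CAs passes the chain check, not only clients issued by the operator's own CA.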