I can't tell you why it is how it is, but you can always load the roots that *you* want to use into your own CertPool and then use that CertPool for verification.
See https://golang.org/pkg/crypto/x509/#VerifyOptions -jeff -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
