From f6695a15e15713cdac16978837d8b01ef4999279 Mon Sep 17 00:00:00 2001
From: Russ Cox <rsc@golang.org>
Date: Wed, 13 Mar 2019 20:06:37 -0400
Subject: [PATCH] crypto/x509: move debug prints to standard error

Standard output is reserved for actual program output.
Debug print should be limited in general (here they are
enabled by an environment variable) and always go to
standard error.

Came across by accident.

Change-Id: I1490be71473520f049719572b3acaa0ea9f9e5c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/167502
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 src/crypto/x509/root_darwin.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
index 9b8a1cca7d..2f6a8b8d60 100644
--- a/src/crypto/x509/root_darwin.go
+++ b/src/crypto/x509/root_darwin.go
@@ -58,7 +58,7 @@ func execSecurityRoots() (*CertPool, error) {
 		return nil, err
 	}
 	if debugDarwinRoots {
-		fmt.Printf("crypto/x509: %d certs have a trust policy\n", len(hasPolicy))
+		fmt.Fprintf(os.Stderr, "crypto/x509: %d certs have a trust policy\n", len(hasPolicy))
 	}
 
 	keychains := []string{"/Library/Keychains/System.keychain"}
@@ -68,7 +68,7 @@ func execSecurityRoots() (*CertPool, error) {
 	home, err := os.UserHomeDir()
 	if err != nil {
 		if debugDarwinRoots {
-			fmt.Printf("crypto/x509: can't get user home directory: %v\n", err)
+			fmt.Fprintf(os.Stderr, "crypto/x509: can't get user home directory: %v\n", err)
 		}
 	} else {
 		keychains = append(keychains,
@@ -148,7 +148,7 @@ func execSecurityRoots() (*CertPool, error) {
 	wg.Wait()
 
 	if debugDarwinRoots {
-		fmt.Printf("crypto/x509: ran security verify-cert %d times\n", numVerified)
+		fmt.Fprintf(os.Stderr, "crypto/x509: ran security verify-cert %d times\n", numVerified)
 	}
 
 	return roots, nil
@@ -205,12 +205,12 @@ func verifyCertWithSystem(cert *Certificate) bool {
 	}
 	if err := cmd.Run(); err != nil {
 		if debugDarwinRoots {
-			fmt.Printf("crypto/x509: verify-cert rejected %s: %q\n", cert.Subject, bytes.TrimSpace(stderr.Bytes()))
+			fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert rejected %s: %q\n", cert.Subject, bytes.TrimSpace(stderr.Bytes()))
 		}
 		return false
 	}
 	if debugDarwinRoots {
-		fmt.Printf("crypto/x509: verify-cert approved %s\n", cert.Subject)
+		fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert approved %s\n", cert.Subject)
 	}
 	return true
 }
@@ -243,7 +243,7 @@ func getCertsWithTrustPolicy() (map[string]bool, error) {
 			// localized on macOS, just interpret any failure to mean that
 			// there are no trust settings.
 			if debugDarwinRoots {
-				fmt.Printf("crypto/x509: exec %q: %v, %s\n", cmd.Args, err, stderr.Bytes())
+				fmt.Fprintf(os.Stderr, "crypto/x509: exec %q: %v, %s\n", cmd.Args, err, stderr.Bytes())
 			}
 			return nil
 		}