@FiloSottile requested issue #28092 to be considered for backport to the next 1.12 minor release.

@gopherbot please open backport issues for https://golang.org/cl/178537.

This fixes a crashing bug with no known workaround for certain macOS environments.

CL 178537 is very minimal and fit for backporting. (The rest of the chain, and CL 178539 in particular, are more speculative and only fix unrecognized roots for which there is a manual workaround, so let's not backport those.)

I feel like we should backport to both 1.11 and 1.12, since without this it's impossible to use 1.11 on certain macOS systems. (Although I guess using the next 1.12 point release could count as a "workaround"?)