square / certstrap

Tools to bootstrap CAs, certificate requests, and signed certificates.


pkix package functions are not safe for concurrent use

sunjayBhatia opened this issue

We are using some of the functions in the pkix package to generate CAs, certs, and keys in tests. Running the tests with race detection and in parallel triggered failures, as there are package-level variables that are written to by different goroutines:

WARNING: DATA RACE
Write at 0x000000b8b598 by goroutine 7:
  github.com/square/certstrap/pkix.CreateCertificateAuthority()
      /tmp/build/80754af9/diego-release/src/github.com/square/certstrap/pkix/cert_auth.go:85 +0xb3
...

Previous write at 0x000000b8b598 by goroutine 10:
  github.com/square/certstrap/pkix.CreateCertificateAuthority()
      /tmp/build/80754af9/diego-release/src/github.com/square/certstrap/pkix/cert_auth.go:85 +0xb3
...

The pkix package seems to use a pattern that makes its functions unsafe for concurrent use, e.g.

authTemplate.SubjectKeyId = subjectKeyID

Is there an existing track of work to ensure the pkix package is safe for concurrency?

I don't believe that we have an existing track of work for this. The package was written for the CLI so thread-safety wasn't originally a concern. It would be nice to fix this though.

I think this is now fixed with the removal of global variables in 8cbba96?

Yes, the global state has been removed in #77 and the change was part of the 1.2.0 release.
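
The pattern discussed in this thread, sketched as an added example (not certstrap's own code): per-call fields such as `SubjectKeyId` are set on a local copy of the template rather than on a package-level variable, so parallel callers share no writable state. The names `caDefaults`, `newCA` and `mismatches` are hypothetical, and the one-byte key IDs are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// caDefaults (hypothetical) is read-only; the racy pattern wrote per-call fields into a variable like this.
var caDefaults = x509.Certificate{IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}

// newCA self-signs a CA certificate from a local copy of the defaults.
func newCA(id []byte) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := caDefaults // value copy: the writes below never touch package state
	tmpl.SerialNumber, tmpl.SubjectKeyId = big.NewInt(1), id
	tmpl.Subject = pkix.Name{CommonName: "example-ca"}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// mismatches builds n CAs in parallel and counts certs that fail or carry another caller's key ID.
func mismatches(n int) (bad int) {
	res := make(chan bool)
	for i := 0; i < n; i++ {
		go func(id []byte) {
			cert, err := newCA(id)
			res <- err != nil || !bytes.Equal(cert.SubjectKeyId, id)
		}([]byte{byte(i)})
	}
	for i := 0; i < n; i++ {
		if <-res {
			bad++
		}
	}
	return bad
}

func main() { println("mismatched certs:", mismatches(16)) }
```

Running this under `go run -race` or `go test -race` should report no data race, because the only package-level variable is never written after initialization.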