Not really sure this is a bug as such but I am not sure that the following code from around ln57 in init_canonical.php is a great idea:

Code:
/**
 * SSL Pages get no special treatment, since they don't usually require being indexed uniquely differently from non-SSL pages
 */
  case ($request_type == 'SSL' && substr(HTTP_SERVER, 0, 5) != 'https'):
    $canonicalLink = '';
    break;
By 'special treatment' it actually means 'no treatment',so it produces no canonical links for https pages. And no canonical links at all for sites that run entirely on https.

Hmm ...

(Personally, I'd just treat both http and https equally and make all the canonical urls https - or if one wanted to be clever then use ENABLE_SSL to determine the format for the canonical - in other words if SSL is enabled make all the canonicals https)