[release-branch.go1.21] crypto/x509: remove TestPlatformVerifierLegacy tests

They are no longer necessary, woohoo! Updates #52108 Fixes #56791 Fixes #67351 Change-Id: I11a4c17162da4295309f74f2f8362bab0f506f78 Reviewed-on: https://go-review.googlesource.com/c/go/+/548976 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit c1828fbcbf8b8e18308e87bbac0d71244ec167f5) Reviewed-on: https://go-review.googlesource.com/c/go/+/586215 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
author: Roland Shoemaker <roland@golang.org> 2023-12-11 14:23:12 -0800
committer: Gopher Robot <gobot@golang.org> 2024-05-16 21:25:58 +0000
commit: 6f5219571c5fde780573918ba334030f002ce00e (patch)
tree: a6a409d2f7ffe695fe8ad37623a60bd7e6e16bca
parent: e9f3c9b7cd223c977e10515a03db217ce828530d (diff)
download: go-6f5219571c5fde780573918ba334030f002ce00e.tar.gz
go-6f5219571c5fde780573918ba334030f002ce00e.zip
2 files changed, 0 insertions, 258 deletions
diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
deleted file mode 100644
index e6b52e9f917..00000000000
--- a/src/crypto/x509/root_darwin_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package x509_test
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"internal/testenv"
-	"testing"
-	"time"
-)
-
-func TestPlatformVerifierLegacy(t *testing.T) {
-	// TODO(#52108): This can be removed once the synthetic test root is deployed on
-	// builders.
-	if !testenv.HasExternalNetwork() {
-		t.Skip()
-	}
-
-	getChain := func(host string) []*x509.Certificate {
-		t.Helper()
-		c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			t.Fatalf("tls connection failed: %s", err)
-		}
-		return c.ConnectionState().PeerCertificates
-	}
-
-	tests := []struct {
-		name        string
-		host        string
-		verifyName  string
-		verifyTime  time.Time
-		verifyEKU   []x509.ExtKeyUsage
-		expectedErr string
-		skip        string
-	}{
-		{
-			// whatever google.com serves should, hopefully, be trusted
-			name: "valid chain",
-			host: "google.com",
-		},
-		{
-			name:        "expired leaf",
-			host:        "expired.badssl.com",
-			expectedErr: "x509: certificate has expired or is not yet valid: “*.badssl.com” certificate is expired",
-		},
-		{
-			name:        "wrong host for leaf",
-			host:        "wrong.host.badssl.com",
-			verifyName:  "wrong.host.badssl.com",
-			expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com",
-		},
-		{
-			name:        "self-signed leaf",
-			host:        "self-signed.badssl.com",
-			expectedErr: "x509: certificate signed by unknown authority",
-		},
-		{
-			name:        "untrusted root",
-			host:        "untrusted-root.badssl.com",
-			expectedErr: "x509: certificate signed by unknown authority",
-		},
-		{
-			name:        "revoked leaf",
-			host:        "revoked.badssl.com",
-			expectedErr: "x509: “revoked.badssl.com” certificate is revoked",
-			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
-		},
-		{
-			name:        "leaf missing SCTs",
-			host:        "no-sct.badssl.com",
-			expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant",
-			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
-		},
-		{
-			name:        "expired leaf (custom time)",
-			host:        "google.com",
-			verifyTime:  time.Time{}.Add(time.Hour),
-			expectedErr: "x509: certificate has expired or is not yet valid: “*.google.com” certificate is expired",
-		},
-		{
-			name:       "valid chain (custom time)",
-			host:       "google.com",
-			verifyTime: time.Now(),
-		},
-		{
-			name:        "leaf doesn't have acceptable ExtKeyUsage",
-			host:        "google.com",
-			expectedErr: "x509: certificate specifies an incompatible key usage",
-			verifyEKU:   []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			if tc.skip != "" {
-				t.Skip(tc.skip)
-			}
-
-			chain := getChain(tc.host)
-			var opts x509.VerifyOptions
-			if len(chain) > 1 {
-				opts.Intermediates = x509.NewCertPool()
-				for _, c := range chain[1:] {
-					opts.Intermediates.AddCert(c)
-				}
-			}
-			if tc.verifyName != "" {
-				opts.DNSName = tc.verifyName
-			}
-			if !tc.verifyTime.IsZero() {
-				opts.CurrentTime = tc.verifyTime
-			}
-			if len(tc.verifyEKU) > 0 {
-				opts.KeyUsages = tc.verifyEKU
-			}
-
-			_, err := chain[0].Verify(opts)
-			if err != nil && tc.expectedErr == "" {
-				t.Errorf("unexpected verification error: %s", err)
-			} else if err != nil && err.Error() != tc.expectedErr {
-				t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr)
-			} else if err == nil && tc.expectedErr != "" {
-				t.Errorf("unexpected verification success: want %q", tc.expectedErr)
-			}
-		})
-	}
-}
diff --git a/src/crypto/x509/root_windows_test.go b/src/crypto/x509/root_windows_test.go
deleted file mode 100644
index 1372c043b20..00000000000
--- a/src/crypto/x509/root_windows_test.go
+++ /dev/null
@@ -1,127 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package x509_test
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"errors"
-	"internal/testenv"
-	"net"
-	"strings"
-	"syscall"
-	"testing"
-	"time"
-)
-
-func TestPlatformVerifierLegacy(t *testing.T) {
-	// TODO(#52108): This can be removed once the synthetic test root is deployed on
-	// builders.
-	if !testenv.HasExternalNetwork() {
-		t.Skip()
-	}
-
-	getChain := func(t *testing.T, host string) []*x509.Certificate {
-		t.Helper()
-		c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			// From https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2,
-			// matching the error string observed in https://go.dev/issue/52094.
-			const WSATRY_AGAIN syscall.Errno = 11002
-			var errDNS *net.DNSError
-			if strings.HasSuffix(host, ".badssl.com") && errors.As(err, &errDNS) && strings.HasSuffix(errDNS.Err, WSATRY_AGAIN.Error()) {
-				t.Log(err)
-				testenv.SkipFlaky(t, 52094)
-			}
-
-			t.Fatalf("tls connection failed: %s", err)
-		}
-		return c.ConnectionState().PeerCertificates
-	}
-
-	tests := []struct {
-		name        string
-		host        string
-		verifyName  string
-		verifyTime  time.Time
-		expectedErr string
-	}{
-		{
-			// whatever google.com serves should, hopefully, be trusted
-			name: "valid chain",
-			host: "google.com",
-		},
-		{
-			name:       "valid chain (dns check)",
-			host:       "google.com",
-			verifyName: "google.com",
-		},
-		{
-			name:       "valid chain (fqdn dns check)",
-			host:       "google.com.",
-			verifyName: "google.com.",
-		},
-		{
-			name:        "expired leaf",
-			host:        "expired.badssl.com",
-			expectedErr: "x509: certificate has expired or is not yet valid: ",
-		},
-		{
-			name:        "wrong host for leaf",
-			host:        "wrong.host.badssl.com",
-			verifyName:  "wrong.host.badssl.com",
-			expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com",
-		},
-		{
-			name:        "self-signed leaf",
-			host:        "self-signed.badssl.com",
-			expectedErr: "x509: certificate signed by unknown authority",
-		},
-		{
-			name:        "untrusted root",
-			host:        "untrusted-root.badssl.com",
-			expectedErr: "x509: certificate signed by unknown authority",
-		},
-		{
-			name:        "expired leaf (custom time)",
-			host:        "google.com",
-			verifyTime:  time.Time{}.Add(time.Hour),
-			expectedErr: "x509: certificate has expired or is not yet valid: ",
-		},
-		{
-			name:       "valid chain (custom time)",
-			host:       "google.com",
-			verifyTime: time.Now(),
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			chain := getChain(t, tc.host)
-			var opts x509.VerifyOptions
-			if len(chain) > 1 {
-				opts.Intermediates = x509.NewCertPool()
-				for _, c := range chain[1:] {
-					opts.Intermediates.AddCert(c)
-				}
-			}
-			if tc.verifyName != "" {
-				opts.DNSName = tc.verifyName
-			}
-			if !tc.verifyTime.IsZero() {
-				opts.CurrentTime = tc.verifyTime
-			}
-
-			_, err := chain[0].Verify(opts)
-			if err != nil && tc.expectedErr == "" {
-				t.Errorf("unexpected verification error: %s", err)
-			} else if err != nil && err.Error() != tc.expectedErr {
-				t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr)
-			} else if err == nil && tc.expectedErr != "" {
-				t.Errorf("unexpected verification success: want %q", tc.expectedErr)
-			}
-		})
-	}
-}
author	Roland Shoemaker <roland@golang.org>	2023-12-11 14:23:12 -0800
committer	Gopher Robot <gobot@golang.org>	2024-05-16 21:25:58 +0000
commit	6f5219571c5fde780573918ba334030f002ce00e (patch)
tree	a6a409d2f7ffe695fe8ad37623a60bd7e6e16bca
parent	e9f3c9b7cd223c977e10515a03db217ce828530d (diff)
download	go-6f5219571c5fde780573918ba334030f002ce00e.tar.gz go-6f5219571c5fde780573918ba334030f002ce00e.zip