1 files changed, 18 insertions, 5 deletions

diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
index 8b6b1516ae..2784ce2f0f 100644
--- a/src/crypto/x509/root_darwin_test.go
+++ b/src/crypto/x509/root_darwin_test.go
@@ -7,6 +7,7 @@ package x509
 import (
 	"runtime"
 	"testing"
+	"time"
 )
 
 func TestSystemRoots(t *testing.T) {
@@ -15,21 +16,33 @@ func TestSystemRoots(t *testing.T) {
 		t.Skipf("skipping on %s/%s, no system root", runtime.GOOS, runtime.GOARCH)
 	}
 
-	sysRoots := systemRootsPool()         // actual system roots
+	t0 := time.Now()
+	sysRoots := systemRootsPool() // actual system roots
+	sysRootsDuration := time.Since(t0)
+
+	t1 := time.Now()
 	execRoots, err := execSecurityRoots() // non-cgo roots
+	execSysRootsDuration := time.Since(t1)
 
 	if err != nil {
 		t.Fatalf("failed to read system roots: %v", err)
 	}
 
+	t.Logf("    cgo sys roots: %v", sysRootsDuration)
+	t.Logf("non-cgo sys roots: %v", execSysRootsDuration)
+
 	for _, tt := range []*CertPool{sysRoots, execRoots} {
 		if tt == nil {
 			t.Fatal("no system roots")
 		}
-		// On Mavericks, there are 212 bundled certs; require only
-		// 150 here, since this is just a sanity check, and the
-		// exact number will vary over time.
-		if want, have := 150, len(tt.certs); have < want {
+		// On Mavericks, there are 212 bundled certs, at least
+		// there was at one point in time on one machine.
+		// (Maybe it was a corp laptop with extra certs?)
+		// Other OS X users report
+		// 135, 142, 145...  Let's try requiring at least 100,
+		// since this is just a sanity check.
+		t.Logf("got %d roots", len(tt.certs))
+		if want, have := 100, len(tt.certs); have < want {
 			t.Fatalf("want at least %d system roots, have %d", want, have)
 		}
 	}