aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/x509/root_darwin_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/x509/root_darwin_test.go')
-rw-r--r--src/crypto/x509/root_darwin_test.go131
1 files changed, 0 insertions, 131 deletions
diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
deleted file mode 100644
index e6b52e9f917..00000000000
--- a/src/crypto/x509/root_darwin_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package x509_test
-
-import (
- "crypto/tls"
- "crypto/x509"
- "internal/testenv"
- "testing"
- "time"
-)
-
-func TestPlatformVerifierLegacy(t *testing.T) {
- // TODO(#52108): This can be removed once the synthetic test root is deployed on
- // builders.
- if !testenv.HasExternalNetwork() {
- t.Skip()
- }
-
- getChain := func(host string) []*x509.Certificate {
- t.Helper()
- c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true})
- if err != nil {
- t.Fatalf("tls connection failed: %s", err)
- }
- return c.ConnectionState().PeerCertificates
- }
-
- tests := []struct {
- name string
- host string
- verifyName string
- verifyTime time.Time
- verifyEKU []x509.ExtKeyUsage
- expectedErr string
- skip string
- }{
- {
- // whatever google.com serves should, hopefully, be trusted
- name: "valid chain",
- host: "google.com",
- },
- {
- name: "expired leaf",
- host: "expired.badssl.com",
- expectedErr: "x509: certificate has expired or is not yet valid: “*.badssl.com” certificate is expired",
- },
- {
- name: "wrong host for leaf",
- host: "wrong.host.badssl.com",
- verifyName: "wrong.host.badssl.com",
- expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com",
- },
- {
- name: "self-signed leaf",
- host: "self-signed.badssl.com",
- expectedErr: "x509: certificate signed by unknown authority",
- },
- {
- name: "untrusted root",
- host: "untrusted-root.badssl.com",
- expectedErr: "x509: certificate signed by unknown authority",
- },
- {
- name: "revoked leaf",
- host: "revoked.badssl.com",
- expectedErr: "x509: “revoked.badssl.com” certificate is revoked",
- skip: "skipping; broken on recent versions of macOS. See issue 57428.",
- },
- {
- name: "leaf missing SCTs",
- host: "no-sct.badssl.com",
- expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant",
- skip: "skipping; broken on recent versions of macOS. See issue 57428.",
- },
- {
- name: "expired leaf (custom time)",
- host: "google.com",
- verifyTime: time.Time{}.Add(time.Hour),
- expectedErr: "x509: certificate has expired or is not yet valid: “*.google.com” certificate is expired",
- },
- {
- name: "valid chain (custom time)",
- host: "google.com",
- verifyTime: time.Now(),
- },
- {
- name: "leaf doesn't have acceptable ExtKeyUsage",
- host: "google.com",
- expectedErr: "x509: certificate specifies an incompatible key usage",
- verifyEKU: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
- },
- }
-
- for _, tc := range tests {
- t.Run(tc.name, func(t *testing.T) {
- if tc.skip != "" {
- t.Skip(tc.skip)
- }
-
- chain := getChain(tc.host)
- var opts x509.VerifyOptions
- if len(chain) > 1 {
- opts.Intermediates = x509.NewCertPool()
- for _, c := range chain[1:] {
- opts.Intermediates.AddCert(c)
- }
- }
- if tc.verifyName != "" {
- opts.DNSName = tc.verifyName
- }
- if !tc.verifyTime.IsZero() {
- opts.CurrentTime = tc.verifyTime
- }
- if len(tc.verifyEKU) > 0 {
- opts.KeyUsages = tc.verifyEKU
- }
-
- _, err := chain[0].Verify(opts)
- if err != nil && tc.expectedErr == "" {
- t.Errorf("unexpected verification error: %s", err)
- } else if err != nil && err.Error() != tc.expectedErr {
- t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr)
- } else if err == nil && tc.expectedErr != "" {
- t.Errorf("unexpected verification success: want %q", tc.expectedErr)
- }
- })
- }
-}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion