crypto/x509: fix system root tests + darwin intermediate handling

On Windows, replace tests which rely on a root that expired last year. On Darwin fix an test which wasn't testing the expected behavior, and fix the behavior which was broken. Fixes #58791 Change-Id: I771175b9e123b8bb0e4efdf58cc2bb93aa94fbae Reviewed-on: https://go-review.googlesource.com/c/go/+/472295 TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Bryan Mills <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]>
golang · Mar 1, 2023 · bb8f9a6 · bb8f9a6
1 parent 0384235
commit bb8f9a6
Show file tree

Hide file tree

Showing 3 changed files with 238 additions and 259 deletions.
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
@@ -25,9 +25,10 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
 				return nil, err
 			}
 			sc, err := macOS.SecCertificateCreateWithData(c.Raw)
-			if err == nil {
-				macOS.CFArrayAppendValue(certs, sc)
+			if err != nil {
+				return nil, err
 			}
+			macOS.CFArrayAppendValue(certs, sc)
 		}
 	}
 

diff --git a/src/crypto/x509/root_unix_test.go b/src/crypto/x509/root_unix_test.go
@@ -149,7 +149,7 @@ func TestLoadSystemCertsLoadColonSeparatedDirs(t *testing.T) {
 	tmpDir := t.TempDir()
 
 	rootPEMs := []string{
-		geoTrustRoot,
+		gtsRoot,
 		googleLeaf,
 		startComRoot,
 	}