author | Roland Shoemaker <roland@golang.org> | 2023-03-01 08:39:04 -0800 |
---|---|---|
committer | Gopher Robot <gobot@golang.org> | 2023-03-01 21:50:56 +0000 |
commit | 0d288f90c4da361044b5876bf15985abb98fae07 (patch) | |
tree | d4d3dc1f98691016e9adbdf0105703b392e54988 | |
parent | 21e451ec446724c9f3f124139e07d88ff812a1bc (diff) | |
[release-branch.go1.19] crypto/x509: fix broken tests
Convert TestUnknownAuthorityError to use subtests, avoiding continuing
the test after an unrecoverable failure.
Skip TestIssue51759 on pre-macOS 11 builders, which don't enforce the
behavior we were testing for. Also only enable the test on builders.
Updates #58791
Updates #58812
Fixes #58810
Change-Id: I4e3e5bc371aa139d38052184c8232f8cb564138f
Reviewed-on: https://go-review.googlesource.com/c/go/+/472496
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit cf3d0655f8ca2de555549f6e8a91bf8654da7e6c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/472617
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
-rw-r--r-- | src/crypto/x509/verify_test.go | 58 |
1 files changed, 34 insertions, 24 deletions
diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go
index cd9f6a8788..164c47fd6d 100644
--- a/src/crypto/x509/verify_test.go
+++ b/src/crypto/x509/verify_test.go
@@ -1481,33 +1481,36 @@ ePBQCV1F9sE2q4ZrnsT9TZoNrSe/bMDjzA== -----END CERTIFICATE-----` var unknownAuthorityErrorTests = []struct { + name string cert string expected string }{ - {selfSignedWithCommonName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"test\")"}, - {selfSignedNoCommonNameWithOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"ca\")"}, - {selfSignedNoCommonNameNoOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"serial:0\")"}, + {"self-signed, cn", selfSignedWithCommonName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"test\")"}, + {"self-signed, no cn, org", selfSignedNoCommonNameWithOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"ca\")"}, + {"self-signed, no cn, no org", selfSignedNoCommonNameNoOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"serial:0\")"}, } func TestUnknownAuthorityError(t *testing.T) { for i, tt := range unknownAuthorityErrorTests { - der, _ := pem.Decode([]byte(tt.cert)) - if der == nil { - t.Errorf("#%d: Unable to decode PEM block", i) - } - c, err := ParseCertificate(der.Bytes) - if err != nil { - t.Errorf("#%d: Unable to parse certificate -> %v", i, err) - } - uae := &UnknownAuthorityError{ - Cert: c, - hintErr: fmt.Errorf("empty"), - hintCert: c, - } - actual := uae.Error() - if actual != tt.expected { - t.Errorf("#%d: UnknownAuthorityError.Error() response invalid actual: %s expected: %s", i, actual, tt.expected) - } + t.Run(tt.name, func(t *testing.T) { + der, _ := 
pem.Decode([]byte(tt.cert)) + if der == nil { + t.Fatalf("#%d: Unable to decode PEM block", i) + } + c, err := ParseCertificate(der.Bytes) + if err != nil { + t.Fatalf("#%d: Unable to parse certificate -> %v", i, err) + } + uae := &UnknownAuthorityError{ + Cert: c, + hintErr: fmt.Errorf("empty"), + hintCert: c, + } + actual := uae.Error() + if actual != tt.expected { + t.Errorf("#%d: UnknownAuthorityError.Error() response invalid actual: %s expected: %s", i, actual, tt.expected) + } + }) } } @@ -1857,6 +1860,13 @@ func TestIssue51759(t *testing.T) { if runtime.GOOS != "darwin" { t.Skip("only affects darwin") } + builder := testenv.Builder() + if builder == "" { + t.Skip("only run this test on the builders, as we have no reasonable way to gate tests on macOS versions elsewhere") + } + if builder == "darwin-amd64-10_14" || builder == "darwin-amd64-10_15" { + t.Skip("behavior only enforced in macOS 11 and after") + } // badCertData contains a cert that we parse as valid // but that macOS SecCertificateCreateWithData rejects. const badCertData = "0\x82\x01U0\x82\x01\a\xa0\x03\x02\x01\x02\x02\x01\x020\x05\x06\x03+ep0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260\x1e\x17\r220112235755Z\x17\r220313235755Z0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260*0\x05\x06\x03+ep\x03!\x00bA\xd8e\xadW\xcb\xefZ\x89\xb5\"\x1eR\x9d\xba\x0e:\x1042Q@\u007f\xbd\xfb{ks\x04\xd1£\x020\x000\x05\x06\x03+ep\x03A\x00[\xa7\x06y\x86(\x94\x97\x9eLwA\x00\x01x\xaa\xbc\xbd Ê]\n(΅!ف0\xf5\x9a%I\x19<\xffo\xf1\xeaaf@\xb1\xa7\xaf\xfd\xe9R\xc7\x0f\x8d&\xd5\xfc\x0f;Ϙ\x82\x84a\xbc\r" 
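Review bot: The failure messages inside the new `t.Run` closure in TestUnknownAuthorityError still carry the `#%d` index, which duplicates the subtest name the testing package already prints. Dropping it would let the loop read `for _, tt := range unknownAuthorityErrorTests` and the calls become e.g. `t.Fatalf("Unable to decode PEM block")`. The closure also reads the loop variables `i` and `tt` directly, which is safe only while the subtests run synchronously; on this release branch a later `t.Parallel()` would need `tt := tt` first, so a one-line comment above the loop saying the subtests are deliberately sequential would help.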
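Review bot: The second skip added to TestIssue51759 matches two exact builder names, `darwin-amd64-10_14` and `darwin-amd64-10_15`, so any other pre-macOS 11 builder would still run the test and presumably fail the same way. Combined with the `builder == ""` skip, the regression check for a certificate that Go parses but SecCertificateCreateWithData rejects no longer runs on a developer's own macOS machine. That gap deserves a comment so it is not mistaken for coverage, for example `// NOTE: skipped outside the builders, so local darwin runs do not exercise this path.` The function starts before this hunk and continues after it.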
@@ -1867,9 +1877,9 @@ func TestIssue51759(t *testing.T) { t.Run("leaf", func(t *testing.T) { opts := VerifyOptions{} - expectedErr := errors.New("invalid leaf certificate") + expectedErr := "invalid leaf certificate" _, err = badCert.Verify(opts) - if err.Error() != expectedErr.Error() { + if err == nil || err.Error() != expectedErr { t.Fatalf("unexpected error: want %q, got %q", expectedErr, err) } }) @@ -1884,9 +1894,9 @@ func TestIssue51759(t *testing.T) { Intermediates: NewCertPool(), } opts.Intermediates.AddCert(badCert) - expectedErr := errors.New("SecCertificateCreateWithData: invalid certificate") + expectedErr := "SecCertificateCreateWithData: invalid certificate" _, err = goodCert.Verify(opts) - if err.Error() != expectedErr.Error() { + if err == nil || err.Error() != expectedErr { t.Fatalf("unexpected error: want %q, got %q", expectedErr, err) } }) |
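Review bot: When `Verify` returns no error, the new `err == nil` guard in the "leaf" subtest avoids the nil dereference, but the `t.Fatalf` that follows formats the nil error with `%q`, which prints `%!q(<nil>)` instead of a readable value. Using `%v` for the error, `t.Fatalf("unexpected error: want %q, got %v", expectedErr, err)`, keeps the message legible in exactly the case the guard was added for. The same line appears in the second subtest changed by the @@ -1884 hunk. Both subtests sit inside TestIssue51759, whose body starts outside these hunks.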