[release-branch.go1.20] crypto/x509: properly gate test on macos version
Fixes the gating of TestIssue51759 by shelling out to sw_vers to check
what version of macOS we are on.
For #64677
Fixes #65379
Change-Id: I5eef4fa39e5449e7b2aa73864625c3abf002aef8
Reviewed-on: https://go-review.googlesource.com/c/go/+/549195
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 400e24a8be852e7b20eb4af1999b28c20bb4ea21)
Reviewed-on: https://go-review.googlesource.com/c/go/+/559516
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go
index d4cbb82..14856f8 100644
--- a/src/crypto/x509/verify_test.go
+++ b/src/crypto/x509/verify_test.go
@@ -16,9 +16,11 @@
"fmt"
"internal/testenv"
"math/big"
+ "os/exec"
"reflect"
"runtime"
"sort"
+ "strconv"
"strings"
"testing"
"time"
@@ -1855,17 +1857,40 @@
}
}
+func macosMajorVersion(t *testing.T) (int, error) {
+ cmd := testenv.Command(t, "sw_vers", "-productVersion")
+ out, err := cmd.Output()
+ if err != nil {
+ if ee, ok := err.(*exec.ExitError); ok && len(ee.Stderr) > 0 {
+ return 0, fmt.Errorf("%v: %v\n%s", cmd, err, ee.Stderr)
+ }
+ return 0, fmt.Errorf("%v: %v", cmd, err)
+ }
+ before, _, ok := strings.Cut(string(out), ".")
+ major, err := strconv.Atoi(before)
+ if !ok || err != nil {
+ return 0, fmt.Errorf("%v: unexpected output: %q", cmd, out)
+ }
+
+ return major, nil
+}
+
func TestIssue51759(t *testing.T) {
if runtime.GOOS != "darwin" {
t.Skip("only affects darwin")
}
- builder := testenv.Builder()
- if builder == "" {
- t.Skip("only run this test on the builders, as we have no reasonable way to gate tests on macOS versions elsewhere")
- }
- if builder == "darwin-amd64-10_14" || builder == "darwin-amd64-10_15" {
+
+ testenv.MustHaveExecPath(t, "sw_vers")
+ if vers, err := macosMajorVersion(t); err != nil {
+ if builder := testenv.Builder(); builder != "" {
+ t.Fatalf("unable to determine macOS version: %s", err)
+ } else {
+ t.Skip("unable to determine macOS version")
+ }
+ } else if vers < 11 {
t.Skip("behavior only enforced in macOS 11 and after")
}
+
// badCertData contains a cert that we parse as valid
// but that macOS SecCertificateCreateWithData rejects.
const badCertData = "0\x82\x01U0\x82\x01\a\xa0\x03\x02\x01\x02\x02\x01\x020\x05\x06\x03+ep0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260\x1e\x17\r220112235755Z\x17\r220313235755Z0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260*0\x05\x06\x03+ep\x03!\x00bA\xd8e\xadW\xcb\xefZ\x89\xb5\"\x1eR\x9d\xba\x0e:\x1042Q@\u007f\xbd\xfb{ks\x04\xd1£\x020\x000\x05\x06\x03+ep\x03A\x00[\xa7\x06y\x86(\x94\x97\x9eLwA\x00\x01x\xaa\xbc\xbd Ê]\n(΅!ف0\xf5\x9a%I\x19<\xffo\xf1\xeaaf@\xb1\xa7\xaf\xfd\xe9R\xc7\x0f\x8d&\xd5\xfc\x0f;Ϙ\x82\x84a\xbc\r"
