crypto/x509: skip broken darwin root tests
For #57428.
For #35678.
Change-Id: I806c16d3ff3815b8681916753338356c444970d2
Reviewed-on: https://go-review.googlesource.com/c/go/+/482165
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Pratt <mpratt@google.com>
diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
index 299cecf..df7ca99 100644
--- a/src/crypto/x509/root_darwin_test.go
+++ b/src/crypto/x509/root_darwin_test.go
@@ -33,6 +33,7 @@
verifyTime time.Time
verifyEKU []x509.ExtKeyUsage
expectedErr string
+ skip string
}{
{
// whatever google.com serves should, hopefully, be trusted
@@ -64,11 +65,13 @@
name: "revoked leaf",
host: "revoked.badssl.com",
expectedErr: "x509: “revoked.badssl.com” certificate is revoked",
+ skip: "skipping; broken on recent versions of macOS. See issue 57428.",
},
{
name: "leaf missing SCTs",
host: "no-sct.badssl.com",
expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant",
+ skip: "skipping; broken on recent versions of macOS. See issue 57428.",
},
{
name: "expired leaf (custom time)",
@@ -91,6 +94,10 @@
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
+ if tc.skip != "" {
+ t.Skip(tc.skip)
+ }
+
chain := getChain(tc.host)
var opts x509.VerifyOptions
if len(chain) > 1 {
