tempfork/x509: fix build on darwin and windows

These fixes were originally in the updates to CL 229917 after
Trybots failed there.
See https://go-review.googlesource.com/c/go/+/229917/1..3
This commit is contained in:
Brad Fitzpatrick 2020-04-25 08:03:10 -07:00
parent bfc1261ab6
commit 8fd8fc9c7d
3 changed files with 18 additions and 7 deletions

View File

@ -305,8 +305,13 @@ func loadSystemRoots() (*CertPool, error) {
untrustedRoots.AppendCertsFromPEM(buf)
trustedRoots := NewCertPool()
for _, c := range roots.certs {
if !untrustedRoots.contains(c) {
for i := 0; i < roots.len(); i++ {
c := roots.mustCert(i)
contains, err := untrustedRoots.contains(c)
if err != nil {
return nil, err
}
if !contains {
trustedRoots.AddCert(c)
}
}

View File

@ -40,7 +40,7 @@ func TestSystemRoots(t *testing.T) {
// with extra certs?) Other OS X users report 135, 142, 145...
// Let's try requiring at least 100, since this is just a sanity
// check.
if want, have := 100, len(sysRoots.certs); have < want {
if want, have := 100, sysRoots.len(); have < want {
t.Errorf("want at least %d system roots, have %d", want, have)
}
@ -56,11 +56,13 @@ func TestSystemRoots(t *testing.T) {
allCerts.AppendCertsFromPEM(out)
// Check that the two cert pools are the same.
sysPool := make(map[string]*Certificate, len(sysRoots.certs))
for _, c := range sysRoots.certs {
sysPool := make(map[string]*Certificate, sysRoots.len())
for i := 0; i < sysRoots.len(); i++ {
c := sysRoots.mustCert(i)
sysPool[string(c.Raw)] = c
}
for _, c := range execRoots.certs {
for i := 0; i < execRoots.len(); i++ {
c := execRoots.mustCert(i)
if _, ok := sysPool[string(c.Raw)]; ok {
delete(sysPool, string(c.Raw))
} else {

View File

@ -38,7 +38,11 @@ func createStoreContext(leaf *Certificate, opts *VerifyOptions) (*syscall.CertCo
}
if opts.Intermediates != nil {
for _, intermediate := range opts.Intermediates.certs {
for i := 0; i < opts.Intermediates.len(); i++ {
intermediate, err := opts.Intermediates.cert(i)
if err != nil {
return nil, err
}
ctx, err := syscall.CertCreateCertificateContext(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING, &intermediate.Raw[0], uint32(len(intermediate.Raw)))
if err != nil {
return nil, err