tempfork/x509: fix build on darwin and windows

These fixes were originally in the updates to CL 229917 after Trybots failed there. See https://go-review.googlesource.com/c/go/+/229917/1..3
2024-11-29 04:55:31 +00:00 · 2020-04-25 08:03:10 -07:00 · 2020-04-25 08:03:10 -07:00 · 8fd8fc9c7d
commit 8fd8fc9c7d
parent bfc1261ab6
3 changed files with 18 additions and 7 deletions
--- a/tempfork/x509/root_cgo_darwin.go
+++ b/tempfork/x509/root_cgo_darwin.go
@ -305,8 +305,13 @@ func loadSystemRoots() (*CertPool, error) {
 	untrustedRoots.AppendCertsFromPEM(buf)

 	trustedRoots := NewCertPool()
-	for _, c := range roots.certs {
-		if !untrustedRoots.contains(c) {
+	for i := 0; i < roots.len(); i++ {
+		c := roots.mustCert(i)
+		contains, err := untrustedRoots.contains(c)
+		if err != nil {
+			return nil, err
+		}
+		if !contains {
 			trustedRoots.AddCert(c)
 		}
 	}
--- a/tempfork/x509/root_darwin_test.go
+++ b/tempfork/x509/root_darwin_test.go
@ -40,7 +40,7 @@ func TestSystemRoots(t *testing.T) {
 	// with extra certs?) Other OS X users report 135, 142, 145...
 	// Let's try requiring at least 100, since this is just a sanity
 	// check.
-	if want, have := 100, len(sysRoots.certs); have < want {
+	if want, have := 100, sysRoots.len(); have < want {
 		t.Errorf("want at least %d system roots, have %d", want, have)
 	}

@ -56,11 +56,13 @@ func TestSystemRoots(t *testing.T) {
 	allCerts.AppendCertsFromPEM(out)

 	// Check that the two cert pools are the same.
-	sysPool := make(map[string]*Certificate, len(sysRoots.certs))
-	for _, c := range sysRoots.certs {
+	sysPool := make(map[string]*Certificate, sysRoots.len())
+	for i := 0; i < sysRoots.len(); i++ {
+		c := sysRoots.mustCert(i)
 		sysPool[string(c.Raw)] = c
 	}
-	for _, c := range execRoots.certs {
+	for i := 0; i < execRoots.len(); i++ {
+		c := execRoots.mustCert(i)
 		if _, ok := sysPool[string(c.Raw)]; ok {
 			delete(sysPool, string(c.Raw))
 		} else {
--- a/tempfork/x509/root_windows.go
+++ b/tempfork/x509/root_windows.go
@ -38,7 +38,11 @@ func createStoreContext(leaf *Certificate, opts *VerifyOptions) (*syscall.CertCo
 	}

 	if opts.Intermediates != nil {
-		for _, intermediate := range opts.Intermediates.certs {
+		for i := 0; i < opts.Intermediates.len(); i++ {
+			intermediate, err := opts.Intermediates.cert(i)
+			if err != nil {
+				return nil, err
+			}
 			ctx, err := syscall.CertCreateCertificateContext(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING, &intermediate.Raw[0], uint32(len(intermediate.Raw)))
 			if err != nil {
 				return nil, err