crypto/x509: skip broken darwin root tests

For #57428. For #35678. Change-Id: I806c16d3ff3815b8681916753338356c444970d2 Reviewed-on: https://go-review.googlesource.com/c/go/+/482165 Reviewed-by: Bryan Mills <bcmills@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Michael Pratt <mpratt@google.com>
2023-04-10 11:25:06 -04:00 · 2023-04-10 11:25:06 -04:00 · 9efca84066
parent 80eeec6979
commit 9efca84066
1 changed files with 7 additions and 0 deletions
--- a/src/crypto/x509/root_darwin_test.go
+++ b/src/crypto/x509/root_darwin_test.go
@ -33,6 +33,7 @@ func TestPlatformVerifier(t *testing.T) {
 		verifyTime  time.Time
 		verifyEKU   []x509.ExtKeyUsage
 		expectedErr string
+		skip        string
 	}{
 		{
 			// whatever google.com serves should, hopefully, be trusted
@ -64,11 +65,13 @@ func TestPlatformVerifier(t *testing.T) {
 			name:        "revoked leaf",
 			host:        "revoked.badssl.com",
 			expectedErr: "x509: “revoked.badssl.com” certificate is revoked",
+			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
 		},
 		{
 			name:        "leaf missing SCTs",
 			host:        "no-sct.badssl.com",
 			expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant",
+			skip:        "skipping; broken on recent versions of macOS. See issue 57428.",
 		},
 		{
 			name:        "expired leaf (custom time)",
@ -91,6 +94,10 @@ func TestPlatformVerifier(t *testing.T) {

 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
+			if tc.skip != "" {
+				t.Skip(tc.skip)
+			}
+
 			chain := getChain(tc.host)
 			var opts x509.VerifyOptions
 			if len(chain) > 1 {