src/pkg/crypto/x509/root_darwin_test.go - Issue 22020045: code review 22020045: crypto/x509: add non-cgo darwin system anchor certs

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Delta Between Two Patch Sets: src/pkg/crypto/x509/root_darwin_test.go

Issue 22020045: code review 22020045: crypto/x509: add non-cgo darwin system anchor certs (Closed)

Left Patch Set: diff -r c0c2d0b05a77 https://code.google.com/p/go Created 11 years, 3 months ago

Right Patch Set: diff -r c0c2d0b05a77 https://code.google.com/p/go Created 11 years, 3 months ago

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 package x509	1 package x509

2	2

3 import (	3 import "testing"

4 » "testing"

5 )

6	4

7 func TestSystemRoots(t *testing.T) {	5 func TestSystemRoots(t *testing.T) {

8 » roots := systemRootsPool()	6 » sysRoots := systemRootsPool() // actual system roots

9 » if roots == nil {	7 » execRoots, err := execSecurityRoots() // non-cgo roots

10 » » t.Fatal("no system roots")	8

	9 » if err != nil {

	10 » » t.Fatalf("failed to read system roots: %v", err)

11 }	11 }

12 » // On Mavericks, there are 212 bundled certs; require only	12

13 » // 200 here, since this is just a sanity check, and the	13 » for _, tt := range []*CertPool{sysRoots, execRoots} {

14 » // exact number will vary over time.	14 » » if tt == nil {

15 » if want, have := 200, len(roots.certs); have < want {	15 » » » t.Fatal("no system roots")

16 » » t.Errorf("want at least %d system roots, have %d", want, have)	16 » » }

	17 » » // On Mavericks, there are 212 bundled certs; require only

	18 » » // 150 here, since this is just a sanity check, and the

	19 » » // exact number will vary over time.

	20 » » if want, have := 150, len(tt.certs); have < want {

	21 » » » t.Fatalf("want at least %d system roots, have %d", want, have)

	22 » » }

	23 » }

	24

	25 » // Check that the two cert pools are roughly the same;

	26 » // \|A∩B\| > max(\|A\|, \|B\|) / 2 should be a reasonably robust check.

	27

	28 » isect := make(map[string]bool, len(sysRoots.certs))

	29 » for _, c := range sysRoots.certs {

	30 » » isect[string(c.Raw)] = true

	31 » }

	32

	33 » have := 0

	34 » for _, c := range execRoots.certs {

	35 » » if isect[string(c.Raw)] {

	36 » » » have++

	37 » » }

	38 » }

	39

	40 » var want int

	41 » if nsys, nexec := len(sysRoots.certs), len(execRoots.certs); nsys > nexe c {

	42 » » want = nsys / 2

	43 » } else {

	44 » » want = nexec / 2

	45 » }

	46

	47 » if have < want {

	48 » » t.Errorf("insufficent overlap between cgo and non-cgo roots; wan t at least %d, have %d", want, have)

17 }	49 }

18 }	50 }

LEFT	RIGHT