Last active
April 15, 2020 08:29
-
-
Save henvic/68d9d64bd0120cb74464c5df53c692c0 to your computer and use it in GitHub Desktop.
TestSystemRoots results in
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ GO111MODULE=on go get golang.org/dl/gotip@latest | |
| $ gotip download 227037 | |
| $ GODEBUG=x509roots=1 gotip test crypto/x509 -v -run TestSystemRoots | |
| === RUN TestSystemRoots | |
| crypto/x509: trust settings for CN=Blue Coat Public Services Intermediate CA,OU=Symantec Trust Network,O=Blue Coat Systems\, Inc.,C=US: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=CINRADIUS2.windows.cin.ufpe.br: 4 | |
| crypto/x509: trust settings for CN=windows-CINRADIUS2-CA: 1 | |
| crypto/x509: trust settings for CN=CINRADIUS2.windows.cin.ufpe.br: 4 | |
| crypto/x509: trust settings for CN=Charles Proxy Custom Root Certificate (built on henvic-mp.local\, 19 Oct 2015),OU=http://charlesproxy.com/ssl,O=XK72 Ltd,L=Auckland,ST=Auckland,C=NZ: 1 | |
| crypto/x509: trust settings for CN=localhost.localdomain,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US: 4 | |
| crypto/x509: trust settings for CN=localhost.localdomain,OU=Touchstone,O=ARRIS Group Inc.,ST=Georgia,C=US: 4 | |
| crypto/x509: trust settings for CN=pfSense-5e95d26d276ac,O=pfSense webConfigurator Self-Signed Certificate: 4 | |
| crypto/x509: trust settings for CN=pfSense-5e95d52001397,O=pfSense webConfigurator Self-Signed Certificate: 4 | |
| crypto/x509: trust settings for CN=openvpnas2: 4 | |
| crypto/x509: trust settings for CN=Leap Motion Local Certificate,OU=WebServices,O=Leap Motion\, Inc.,L=San Francisco,ST=California,C=US: 1 | |
| crypto/x509: trust settings for O=Government Root Certification Authority,C=TW: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=DoD CLASS 3 Root CA,OU=DoD+OU=PKI,O=U.S. Government,C=US: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=DoD Root CA 2,OU=DoD+OU=PKI,O=U.S. Government,C=US: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Federal Common Policy CA,OU=FPKI,O=U.S. Government,C=US: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=VRK Gov. Root CA,OU=Certification Authority Services+OU=Varmennepalvelut,O=Vaestorekisterikeskus CA,ST=Finland,C=FI: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=SwissSign CA (RSA IK May 6 1999 18:00:58),O=SwissSign,C=CH: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=AC Raíz Certicámara S.A.,O=Sociedad Cameral de Certificación Digital - Certicámara S.A.,C=CO: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=CNNIC ROOT,O=CNNIC,C=CN: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı,O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.,L=ANKARA,C=TR: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005,L=Ankara,C=TR: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007,L=Ankara,C=TR: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Autoridad de Certificacion Raiz del Estado Venezolano,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,L=Caracas,ST=Distrito Capital,C=VE: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES: SecTrustSettingsCopyTrustSettings error: -25262 | |
| crypto/x509: trust settings for CN=dlv-cert: 1 | |
| crypto/x509: trust settings for CN=mkcert [email protected] (Henrique Vicente de Oliveira Pinto),[email protected] (Henrique Vicente de Oliveira Pinto),O=mkcert development CA: 1 | |
| TestSystemRoots: root_darwin_test.go:23: loadSystemRoots: 339.992727ms | |
| crypto/x509: kSecTrustSettingsResultInvalid = 0 | |
| crypto/x509: kSecTrustSettingsResultTrustRoot = 1 | |
| crypto/x509: kSecTrustSettingsResultTrustAsRoot = 2 | |
| crypto/x509: kSecTrustSettingsResultDeny = 3 | |
| crypto/x509: kSecTrustSettingsResultUnspecified = 4 | |
| crypto/x509: Leap Motion Local Certificate returned 1 | |
| crypto/x509: Government Root Certification Authority returned 4 | |
| crypto/x509: DoD CLASS 3 Root CA returned 4 | |
| crypto/x509: DoD Root CA 2 returned 4 | |
| crypto/x509: China Internet Network Information Center EV Certificates Root returned 4 | |
| crypto/x509: Federal Common Policy CA returned 4 | |
| crypto/x509: VRK Gov. Root CA returned 4 | |
| crypto/x509: SwissSign Silver CA - G2 returned 4 | |
| crypto/x509: SwissSign Platinum CA - G2 returned 4 | |
| crypto/x509: SwissSign Gold CA - G2 returned 4 | |
| crypto/x509: SwissSign CA (RSA IK May 6 1999 18:00:58) returned 4 | |
| crypto/x509: AC Raíz Certicámara S.A. returned 4 | |
| crypto/x509: Hongkong Post Root CA 1 returned 4 | |
| crypto/x509: Staat der Nederlanden EV Root CA returned 4 | |
| crypto/x509: Staat der Nederlanden Root CA returned 4 | |
| crypto/x509: Staat der Nederlanden Root CA - G2 returned 4 | |
| crypto/x509: CNNIC ROOT returned 4 | |
| crypto/x509: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı returned 4 | |
| crypto/x509: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı returned 4 | |
| crypto/x509: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı returned 4 | |
| crypto/x509: KISA RootCA 1 returned 4 | |
| crypto/x509: Autoridad de Certificacion Raiz del Estado Venezolano returned 4 | |
| crypto/x509: Autoridad de Certificacion Firmaprofesional CIF A62634068 returned 4 | |
| crypto/x509: dlv-cert returned 1 | |
| crypto/x509: mkcert [email protected] (Henrique Vicente de Oliveira Pinto) returned 1 | |
| crypto/x509: Blue Coat Public Services Intermediate CA returned 4 | |
| crypto/x509: CINRADIUS2.windows.cin.ufpe.br returned 4 | |
| crypto/x509: windows-CINRADIUS2-CA returned 1 | |
| crypto/x509: CINRADIUS2.windows.cin.ufpe.br returned 4 | |
| crypto/x509: Charles Proxy Custom Root Certificate (built on henvic-mp.local, 19 Oct 2015) returned 1 | |
| crypto/x509: localhost.localdomain returned 4 | |
| crypto/x509: localhost.localdomain returned 4 | |
| crypto/x509: pfSense-5e95d26d276ac returned 4 | |
| crypto/x509: pfSense-5e95d52001397 returned 4 | |
| crypto/x509: openvpnas2 returned 4 | |
| TestSystemRoots: root_darwin_test.go:43: loadSystemRootsWithCgo: 275.270337ms | |
| --- PASS: TestSystemRoots (0.62s) | |
| PASS | |
| ok crypto/x509 0.897s |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| See https://twitter.com/FiloSottile/status/1250218833454997504 and https://golang.org/cl/227037. | |
| The certificates 'not present in cgo' pool is because I distrust CAs that are state actors on my system. | |
| $ sw_vers | |
| ProductName: Mac OS X | |
| ProductVersion: 10.15.4 | |
| BuildVersion: 19E266 | |
| $ uname -a | |
| Darwin henvic.local 19.4.0 Darwin Kernel Version 19.4.0: Wed Mar 4 22:28:40 PST 2020; root:xnu-6153.101.6~15/RELEASE_X86_64 x86_64 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ git rev-parse HEAD | |
| 8f53fad035ccc580859f7b063ae8be30b009a6be | |
| $ go version | |
| go version go1.14.1 darwin/amd64 | |
| $ go test crypto/x509 -v -run TestSystemRoots | |
| === RUN TestSystemRoots | |
| TestSystemRoots: root_darwin_test.go:35: cgo sys roots: 246.508159ms | |
| TestSystemRoots: root_darwin_test.go:36: non-cgo sys roots: 1.074184179s | |
| TestSystemRoots: root_darwin_test.go:79: signed certificate only present in non-cgo pool (acceptable): CN=Developer ID Certification Authority,OU=Apple Certification Authority,O=Apple Inc.,C=US | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH | |
| TestSystemRoots: root_darwin_test.go:99: off-EKU certificate only present in cgo pool (acceptable): CN=dlv-cert | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: O=Government Root Certification Authority,C=TW | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES | |
| TestSystemRoots: root_darwin_test.go:106: expired certificate only present in cgo pool (acceptable): CN=Leap Motion Local Certificate,OU=WebServices,O=Leap Motion\, Inc.,L=San Francisco,ST=California,C=US | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=VRK Gov. Root CA,OU=Certification Authority Services+OU=Varmennepalvelut,O=Vaestorekisterikeskus CA,ST=Finland,C=FI | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH | |
| TestSystemRoots: root_darwin_test.go:118: certificate only present in cgo pool: CN=Autoridad de Certificacion Raiz del Estado Venezolano,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,L=Caracas,ST=Distrito Capital,C=VE | |
| TestSystemRoots: root_darwin_test.go:106: expired certificate only present in cgo pool (acceptable): CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL | |
| --- FAIL: TestSystemRoots (1.36s) | |
| FAIL | |
| FAIL crypto/x509 1.464s | |
| FAIL |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment