Investigate why `TestConfigServerExclusiveRootPools` is broken on Windows / MacOS builds

- Related to https://github.com/docker/go-connections/pull/104
- `TestConfigServerExclusiveRootPools`: see https://github.com/docker/go-connections/blob/5cc4da5c08cd0df3e0a45da21ebd07e131109bd2/tlsconfig/config_test.go#L202-L205
- `TestConfigClientExclusiveRootPools`: see https://github.com/docker/go-connections/blob/5cc4da5c08cd0df3e0a45da21ebd07e131109bd2/tlsconfig/config_test.go#L566-L569

Both tests break with the following error:

> Unable to verify certificate 1: x509: certificate signed by unknown authority

`certificate 1` being `systemRootTrustedCert`: https://github.com/docker/go-connections/blob/5cc4da5c08cd0df3e0a45da21ebd07e131109bd2/tlsconfig/config_test.go#L20-L41

As noted in https://github.com/docker/go-connections/commit/d5807de501e8618bbfeacec1c7a5955df229c0f7 commit message:

> The `(*Certificate).Verify()` method from `crypto/x509` special-case
> windows, darwin and ios GOOS to use a OS-specific verification process.
> This process seems to consider root CAs as invalid for some unknown
> reasons.

So either the syscall made by `Verify()` to retrieve the system-wide cert bundle return an empty set, it's out-of-date, or something else happen.

	systemRootTrustedCert = `
	-----BEGIN CERTIFICATE-----
	MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
	ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
	b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
	MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
	b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
	ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
	9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
	IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
	VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
	93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
	jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
	AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
	A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
	U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
	N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
	o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
	5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
	rqXRfboQnoZsG4q5WTP468SQvvG5
	-----END CERTIFICATE-----
	`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Investigate why `TestConfigServerExclusiveRootPools` is broken on Windows / MacOS builds #105

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	if runtime.GOOS == "windows" \|\| runtime.GOOS == "darwin" {
	// FIXME: see https://github.com/docker/go-connections/issues/105.
	t.Skip("FIXME: failing on Windows and darwin")
	}

Investigate why TestConfigServerExclusiveRootPools is broken on Windows / MacOS builds #105

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Investigate why `TestConfigServerExclusiveRootPools` is broken on Windows / MacOS builds #105