Commit 4a15508c authored by Brad Fitzpatrick's avatar Brad Fitzpatrick Committed by Chris Broadfoot

crypto/x509: detect OS X version for FetchPEMRoots at run time

https://golang.org/cl/25233 was detecting the OS X release at compile
time, not run time. Detect it at run time instead.

Fixes #16473 (again)

Change-Id: I6bec4996e57aa50c52599c165aa6f1fae7423fa7
Reviewed-on: https://go-review.googlesource.com/25281
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: 's avatarAndrew Gerrand <adg@golang.org>
Reviewed-by: 's avatarChris Broadfoot <cbro@golang.org>
parent 66b47431
...@@ -10,6 +10,9 @@ package x509 ...@@ -10,6 +10,9 @@ package x509
#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060 #cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
#cgo LDFLAGS: -framework CoreFoundation -framework Security #cgo LDFLAGS: -framework CoreFoundation -framework Security
#include <errno.h>
#include <sys/sysctl.h>
#include <CoreFoundation/CoreFoundation.h> #include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h> #include <Security/Security.h>
...@@ -51,9 +54,20 @@ int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) { ...@@ -51,9 +54,20 @@ int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) {
return 0; return 0;
} }
#ifndef kCFCoreFoundationVersionNumber10_9 // useOldCode reports whether the running machine is OS X 10.8 Mountain Lion
#define kCFCoreFoundationVersionNumber10_9 855.11 // or older. We only support Mountain Lion and higher, but we'll at least try our
#endif // best on older machines and continue to use the old code path.
//
// See golang.org/issue/16473
int useOldCode() {
char str[256];
size_t size = sizeof(str);
memset(str, 0, size);
sysctlbyname("kern.osrelease", str, &size, NULL, 0);
// OS X 10.8 is osrelease "12.*", 10.7 is 11.*, 10.6 is 10.*.
// We never supported things before that.
return memcmp(str, "12.", 3) == 0 || memcmp(str, "11.", 3) == 0 || memcmp(str, "10.", 3) == 0;
}
// FetchPEMRoots fetches the system's list of trusted X.509 root certificates. // FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
// //
...@@ -63,7 +77,7 @@ int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) { ...@@ -63,7 +77,7 @@ int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) {
// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after // Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
// we've consumed its content. // we've consumed its content.
int FetchPEMRoots(CFDataRef *pemRoots) { int FetchPEMRoots(CFDataRef *pemRoots) {
if (kCFCoreFoundationVersionNumber < kCFCoreFoundationVersionNumber10_9) { if (useOldCode()) {
return FetchPEMRoots_MountainLion(pemRoots); return FetchPEMRoots_MountainLion(pemRoots);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment