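// Copyright 2013 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import "testing"

// TestSystemRoots sanity-checks the two Darwin root-loading paths: the pool
// returned by systemRootsPool (the cgo path) and the pool returned by
// execSecurityRoots (the non-cgo path). Each pool must be non-nil and hold a
// plausible number of certificates, and the two pools must largely agree.
//
// The agreement check is deliberately loose. It passes as long as at least
// half of the larger pool is present in both, so it detects a loader that is
// badly broken but it does not prove that both paths trust exactly the same
// set of roots.
func TestSystemRoots(t *testing.T) {
	sysRoots := systemRootsPool()         // actual system roots
	execRoots, err := execSecurityRoots() // non-cgo roots
	if err != nil {
		t.Fatalf("failed to read system roots: %v", err)
	}

	// Name each pool so that a failure says which loader produced it.
	pools := []struct {
		name string
		pool *CertPool
	}{
		{"cgo", sysRoots},
		{"non-cgo", execRoots},
	}
	for _, p := range pools {
		if p.pool == nil {
			t.Fatalf("no system roots (%s pool)", p.name)
		}
		// On Mavericks, there are 212 bundled certs; require only
		// 150 here, since this is just a sanity check, and the
		// exact number will vary over time.
		if want, have := 150, len(p.pool.certs); have < want {
			t.Fatalf("%s pool: want at least %d system roots, have %d", p.name, want, have)
		}
	}

	// Check that the two cert pools are roughly the same;
	// |A∩B| >= max(|A|, |B|) / 2 should be a reasonably robust check.
	//
	// Certificates are compared by their raw DER bytes.
	unmatched := make(map[string]bool, len(sysRoots.certs))
	for _, c := range sysRoots.certs {
		unmatched[string(c.Raw)] = true
	}

	have := 0
	for _, c := range execRoots.certs {
		der := string(c.Raw)
		if unmatched[der] {
			// Count each shared certificate once, so a repeated entry in
			// the non-cgo pool cannot inflate the overlap and hide a real
			// divergence between the two trust stores.
			delete(unmatched, der)
			have++
		}
	}

	// want is half the size of the larger pool.
	var want int
	if nsys, nexec := len(sysRoots.certs), len(execRoots.certs); nsys > nexec {
		want = nsys / 2
	} else {
		want = nexec / 2
	}

	if have < want {
		t.Errorf("insufficient overlap between cgo and non-cgo roots; want at least %d, have %d", want, have)
	}
}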