Backported from https://github.com/fancybits/go/compare/6432f144aef0...989d1b18ee4a
|
|
import ( |
10 | 10 | "errors" |
11 | 11 | "internal/abi" |
12 | 12 | "strconv" |
| 13 | "strings" |
| 14 | syscallpkg "syscall" |
13 | 15 | "unsafe" |
14 | 16 | ) |
15 | 17 | |
… |
… |
var ErrNoTrustSettings = errors.New("no trust settings found") |
87 | 89 | |
88 | 90 | const errSecNoTrustSettings = -25263 |
89 | 91 | |
| 92 | var missingSecTrustEvaluateWithError = false |
| 93 | |
| 94 | func init() { |
| 95 | v, _ := syscallpkg.Sysctl("kern.osrelease") |
| 96 | missingSecTrustEvaluateWithError = strings.HasPrefix(v, "11.") || |
| 97 | strings.HasPrefix(v, "12.") || |
| 98 | strings.HasPrefix(v, "13.") || |
| 99 | strings.HasPrefix(v, "14.") || |
| 100 | strings.HasPrefix(v, "15.") || |
| 101 | strings.HasPrefix(v, "16.") |
| 102 | } |
| 103 | |
90 | 104 | //go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security" |
91 | 105 | |
92 | 106 | func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) { |
… |
… |
func x509_SecTrustSetVerifyDate_trampoline() |
174 | 188 | |
175 | 189 | //go:cgo_import_dynamic x509_SecTrustEvaluate SecTrustEvaluate "/System/Library/Frameworks/Security.framework/Versions/A/Security" |
176 | 190 | |
177 | | func SecTrustEvaluate(trustObj CFRef) (CFRef, error) { |
178 | | var result CFRef |
| 191 | func SecTrustEvaluate(trustObj CFRef) (SecTrustResultType, error) { |
| 192 | var result SecTrustResultType = SecTrustResultInvalid |
179 | 193 | ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluate_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&result)), 0, 0, 0, 0) |
180 | 194 | if int32(ret) != 0 { |
181 | 195 | return 0, OSStatus{"SecTrustEvaluate", int32(ret)} |
182 | 196 | } |
183 | | return CFRef(result), nil |
| 197 | return result, nil |
184 | 198 | } |
185 | 199 | func x509_SecTrustEvaluate_trampoline() |
186 | 200 | |
… |
… |
func x509_SecTrustGetResult_trampoline() |
200 | 214 | //go:cgo_import_dynamic x509_SecTrustEvaluateWithError SecTrustEvaluateWithError "/System/Library/Frameworks/Security.framework/Versions/A/Security" |
201 | 215 | |
202 | 216 | func SecTrustEvaluateWithError(trustObj CFRef) (int, error) { |
| 217 | if missingSecTrustEvaluateWithError { |
| 218 | result, err := SecTrustEvaluate(trustObj) |
| 219 | if err != nil { |
| 220 | return err |
| 221 | } |
| 222 | switch result { |
| 223 | case SecTrustResultUnspecified, SecTrustResultProceed: |
| 224 | return nil |
| 225 | case SecTrustResultRecoverableTrustFailure: |
| 226 | return errors.New("x509: macOS certificate verification result: recoverable trust failure") |
| 227 | case SecTrustResultFatalTrustFailure: |
| 228 | return errors.New("x509: macOS certificate verification result: fatal trust failure") |
| 229 | case SecTrustResultOtherError: |
| 230 | return errors.New("x509: macOS certificate verification result: other error") |
| 231 | case SecTrustResultInvalid: |
| 232 | return errors.New("x509: macOS certificate verification result: invalid") |
| 233 | case SecTrustResultDeny: |
| 234 | return errors.New("x509: macOS certificate verification result: denied") |
| 235 | case SecTrustResultConfirm: |
| 236 | return errors.New("x509: macOS certificate verification result: confirmation required") |
| 237 | default: |
| 238 | return errors.New("x509: macOS certificate verification result unknown") |
| 239 | } |
| 240 | } |
203 | 241 | var errRef CFRef |
204 | 242 | ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluateWithError_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&errRef)), 0, 0, 0, 0) |
205 | 243 | if int32(ret) != 1 { |
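Review bot: The fallback branch added to SecTrustEvaluateWithError (new lines 217–240) returns a single value (`return err`, `return nil`, `return errors.New(...)`) while the signature on new line 216 is `(int, error)`, so the backport will not compile as shown. Every return in the branch needs both results, e.g. `return 0, err` and `return 0, nil`, with the int chosen to match what the non-fallback path returns; that path continues outside the hunk, so the right value is not visible here. Separately, `init` discards the error from `syscallpkg.Sysctl("kern.osrelease")` and matches only the prefixes `11.` to `16.`, so a failed sysctl or an unlisted release leaves `missingSecTrustEvaluateWithError` false and verification goes straight to the SecTrustEvaluateWithError symbol. If I recall Apple's availability notes correctly, that API starts with macOS 10.14 (Darwin 18), which would leave Darwin 17 uncovered; this is worth confirming. Parsing the major version and comparing it numerically, with a comment such as `// Darwin majors below N lack SecTrustEvaluateWithError` naming the covered macOS releases, would make this trust-evaluation gate easier to audit.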