@@ -12,37 +12,31 @@ import (
1212 "testing"
1313)
1414
15- // This is the currently active Let’s Encrypt R3 (RSA 2048, O = Let's Encrypt, CN = R3)
16- // cross-signed CA Intermediate cert, downloaded from: https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed .pem
17- // It expires Sep 29 19:21:40 2021 GMT
18- // download updated versions from https://letsencrypt.org/certificates /
15+ // This is the currently active Amazon Root CA 1 (CN=Amazon Root CA 1,O=Amazon,C=US),
16+ // downloaded from: https://www.amazontrust.com/repository/AmazonRootCA1 .pem
17+ // It's valid since May 26 00:00:00 2015 GMT and expires on Jan 17 00:00:00 2038 GMT.
18+ // Download updated versions from https://www.amazontrust.com/repository /
1919const (
2020 systemRootTrustedCert = `
2121-----BEGIN CERTIFICATE-----
22- MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
23- MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
24- DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
25- MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
26- AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
27- jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
28- Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
29- U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
30- gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
31- /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
32- oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
33- BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
34- ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
35- p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
36- AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
37- Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
38- LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
39- r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
40- AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
41- ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
42- S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
43- qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
44- O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
45- UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
22+ MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
23+ ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
24+ b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
25+ MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
26+ b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
27+ ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
28+ 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
29+ IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
30+ VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
31+ 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
32+ jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
33+ AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
34+ A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
35+ U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
36+ N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
37+ o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
38+ 5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
39+ rqXRfboQnoZsG4q5WTP468SQvvG5
4640-----END CERTIFICATE-----
4741`
4842 rsaPrivateKeyFile = "fixtures/key.pem"
@@ -205,10 +199,9 @@ func TestConfigServerTLSClientCASet(t *testing.T) {
205199// Exclusive root pools determines whether the CA pool will be a union of the system
206200// certificate pool and custom certs, or an exclusive or of the custom certs and system pool
207201func TestConfigServerExclusiveRootPools (t * testing.T ) {
208- if runtime .GOOS == "windows" {
209- // FIXME TestConfigServerExclusiveRootPools is failing on windows:
210- // config_test.go:244: Unable to verify certificate 1: x509: certificate signed by unknown authority
211- t .Skip ("FIXME: failing on Windows" )
202+ if runtime .GOOS == "windows" || runtime .GOOS == "darwin" {
203+ // FIXME: see https://github.com/docker/go-connections/issues/105.
204+ t .Skip ("FIXME: failing on Windows and darwin" )
212205 }
213206 key , cert := getCertAndKey ()
214207 ca := getMultiCert ()
@@ -570,10 +563,9 @@ func TestConfigClientTLSNotSetWithInvalidPassphrase(t *testing.T) {
570563// Exclusive root pools determines whether the CA pool will be a union of the system
571564// certificate pool and custom certs, or an exclusive or of the custom certs and system pool
572565func TestConfigClientExclusiveRootPools (t * testing.T ) {
573- if runtime .GOOS == "windows" {
574- // FIXME TestConfigClientExclusiveRootPools is failing on windows:
575- // config_test.go:597: Unable to verify certificate 1: x509: certificate signed by unknown authority
576- t .Skip ("FIXME: failing on Windows" )
566+ if runtime .GOOS == "windows" || runtime .GOOS == "darwin" {
567+ // FIXME: see https://github.com/docker/go-connections/issues/105.
568+ t .Skip ("FIXME: failing on Windows and darwin" )
577569 }
578570 ca := getMultiCert ()
579571
0 commit comments