Disable BuildChainForCertificateSignedWithDisallowedKey on Linux again

vcsjones · web-flow · commit a1d5e43905b8 · 2025-08-15T21:30:31.000Z
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs
@@ -1112,6 +1112,7 @@ public static void BuildChainForFraudulentCertificate()
         }
 
         [Fact]
+        [SkipOnPlatform(TestPlatforms.Linux, "Not supported on Linux.")]
         public static void BuildChainForCertificateSignedWithDisallowedKey()
         {
             // The intermediate certificate is from the now defunct CA DigiNotar.
@@ -1177,12 +1178,11 @@ public static void BuildChainForCertificateSignedWithDisallowedKey()
                 chain.ChainPolicy.ExtraStore.Add(intermediateCert);
                 Assert.False(chain.Build(cert));
 
-                if (PlatformDetection.IsAndroid || PlatformDetection.IsApplePlatform26OrLater || PlatformDetection.IsLinux)
+                if (PlatformDetection.IsAndroid || PlatformDetection.IsApplePlatform26OrLater)
                 {
                     // Android always validates trust as part of building a path,
                     // so violations comes back as PartialChain with no elements
                     // Apple 26 no longer block these SKIs since the roots are no longer trusted at all and are expired.
-                    // Linux has no concept of a blocked key list, they just remove certificates from a trust store.
                     Assert.Equal(X509ChainStatusFlags.PartialChain, chain.AllStatusFlags());
                 }
                 else

Original file line number	Diff line number	Diff line change
`@@ -1112,6 +1112,7 @@ public static void BuildChainForFraudulentCertificate()`
`1112`	`1112`	`}`
`1113`	`1113`
`1114`	`1114`	`[Fact]`
	`1115`	`+ [SkipOnPlatform(TestPlatforms.Linux, "Not supported on Linux.")]`
`1115`	`1116`	`public static void BuildChainForCertificateSignedWithDisallowedKey()`
`1116`	`1117`	`{`
`1117`	`1118`	`// The intermediate certificate is from the now defunct CA DigiNotar.`
`@@ -1177,12 +1178,11 @@ public static void BuildChainForCertificateSignedWithDisallowedKey()`
`1177`	`1178`	`chain.ChainPolicy.ExtraStore.Add(intermediateCert);`
`1178`	`1179`	`Assert.False(chain.Build(cert));`
`1179`	`1180`
`1180`		`- if (PlatformDetection.IsAndroid \|\| PlatformDetection.IsApplePlatform26OrLater \|\| PlatformDetection.IsLinux)`
	`1181`	`+ if (PlatformDetection.IsAndroid \|\| PlatformDetection.IsApplePlatform26OrLater)`
`1181`	`1182`	`{`
`1182`	`1183`	`// Android always validates trust as part of building a path,`
`1183`	`1184`	`// so violations comes back as PartialChain with no elements`
`1184`	`1185`	`// Apple 26 no longer block these SKIs since the roots are no longer trusted at all and are expired.`
`1185`		`- // Linux has no concept of a blocked key list, they just remove certificates from a trust store.`
`1186`	`1186`	`Assert.Equal(X509ChainStatusFlags.PartialChain, chain.AllStatusFlags());`
`1187`	`1187`	`}`
`1188`	`1188`	`else`