Linux vmi284606.contaboserver.net 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Apache/2.4.57 (Ubuntu)
: 167.86.127.34 | : 216.73.217.31
Cant Read [ /etc/named.conf ]
7.2.24-0ubuntu0.18.04.17
root
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
local /
go /
src /
crypto /
x509 /
[ HOME SHELL ]
Name
Size
Permission
Action
pkix
[ DIR ]
drwxr-xr-x
testdata
[ DIR ]
drwxr-xr-x
cert_pool.go
3.75
KB
-rw-r--r--
example_test.go
5.32
KB
-rw-r--r--
name_constraints_test.go
44.98
KB
-rw-r--r--
pem_decrypt.go
6.5
KB
-rw-r--r--
pem_decrypt_test.go
8.92
KB
-rw-r--r--
pkcs1.go
4.64
KB
-rw-r--r--
pkcs8.go
4.36
KB
-rw-r--r--
pkcs8_test.go
8.05
KB
-rw-r--r--
root.go
483
B
-rw-r--r--
root_aix.go
290
B
-rw-r--r--
root_bsd.go
518
B
-rw-r--r--
root_cgo_darwin.go
11.47
KB
-rw-r--r--
root_darwin.go
8.24
KB
-rw-r--r--
root_darwin_arm_gen.go
4.54
KB
-rw-r--r--
root_darwin_armx.go
256.1
KB
-rw-r--r--
root_darwin_test.go
4.31
KB
-rw-r--r--
root_js.go
275
B
-rw-r--r--
root_linux.go
684
B
-rw-r--r--
root_nocgo_darwin.go
264
B
-rw-r--r--
root_plan9.go
844
B
-rw-r--r--
root_solaris.go
419
B
-rw-r--r--
root_unix.go
2.16
KB
-rw-r--r--
root_unix_test.go
3.02
KB
-rw-r--r--
root_windows.go
9.98
KB
-rw-r--r--
sec1.go
4.25
KB
-rw-r--r--
sec1_test.go
5.36
KB
-rw-r--r--
test-file.crt
1.9
KB
-rw-r--r--
verify.go
33.48
KB
-rw-r--r--
verify_test.go
88.68
KB
-rw-r--r--
x509.go
81.23
KB
-rw-r--r--
x509_test.go
97.43
KB
-rw-r--r--
x509_test_import.go
1.7
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : root_darwin_test.go
// Copyright 2013 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package x509 import ( "crypto/rsa" "os" "os/exec" "path/filepath" "runtime" "testing" "time" ) func TestSystemRoots(t *testing.T) { switch runtime.GOARCH { case "arm", "arm64": t.Skipf("skipping on %s/%s, no system root", runtime.GOOS, runtime.GOARCH) } t0 := time.Now() sysRoots := systemRootsPool() // actual system roots sysRootsDuration := time.Since(t0) t1 := time.Now() execRoots, err := execSecurityRoots() // non-cgo roots execSysRootsDuration := time.Since(t1) if err != nil { t.Fatalf("failed to read system roots: %v", err) } t.Logf(" cgo sys roots: %v", sysRootsDuration) t.Logf("non-cgo sys roots: %v", execSysRootsDuration) // On Mavericks, there are 212 bundled certs, at least there was at // one point in time on one machine. (Maybe it was a corp laptop // with extra certs?) Other OS X users report 135, 142, 145... // Let's try requiring at least 100, since this is just a sanity // check. if want, have := 100, len(sysRoots.certs); have < want { t.Errorf("want at least %d system roots, have %d", want, have) } // Fetch any intermediate certificate that verify-cert might be aware of. out, err := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/Library/Keychains/System.keychain", filepath.Join(os.Getenv("HOME"), "/Library/Keychains/login.keychain"), filepath.Join(os.Getenv("HOME"), "/Library/Keychains/login.keychain-db")).Output() if err != nil { t.Fatal(err) } allCerts := NewCertPool() allCerts.AppendCertsFromPEM(out) // Check that the two cert pools are the same. sysPool := make(map[string]*Certificate, len(sysRoots.certs)) for _, c := range sysRoots.certs { sysPool[string(c.Raw)] = c } for _, c := range execRoots.certs { if _, ok := sysPool[string(c.Raw)]; ok { delete(sysPool, string(c.Raw)) } else { // verify-cert lets in certificates that are not trusted roots, but // are signed by trusted roots. This is not great, but unavoidable // until we parse real policies without cgo, so confirm that's the // case and skip them. if _, err := c.Verify(VerifyOptions{ Roots: sysRoots, Intermediates: allCerts, KeyUsages: []ExtKeyUsage{ExtKeyUsageAny}, CurrentTime: c.NotBefore, // verify-cert does not check expiration }); err != nil { t.Errorf("certificate only present in non-cgo pool: %v (verify error: %v)", c.Subject, err) } else { t.Logf("signed certificate only present in non-cgo pool (acceptable): %v", c.Subject) } } } for _, c := range sysPool { // The nocgo codepath uses verify-cert with the ssl policy, which also // happens to check EKUs, so some certificates will appear only in the // cgo pool. We can't easily make them consistent because the EKU check // is only applied to the certificates passed to verify-cert. var ekuOk bool for _, eku := range c.ExtKeyUsage { if eku == ExtKeyUsageServerAuth || eku == ExtKeyUsageNetscapeServerGatedCrypto || eku == ExtKeyUsageMicrosoftServerGatedCrypto || eku == ExtKeyUsageAny { ekuOk = true } } if len(c.ExtKeyUsage) == 0 && len(c.UnknownExtKeyUsage) == 0 { ekuOk = true } if !ekuOk { t.Logf("off-EKU certificate only present in cgo pool (acceptable): %v", c.Subject) continue } // Same for expired certificates. We don't chain to them anyway. now := time.Now() if now.Before(c.NotBefore) || now.After(c.NotAfter) { t.Logf("expired certificate only present in cgo pool (acceptable): %v", c.Subject) continue } // On 10.11 there are five unexplained roots that only show up from the // C API. They have in common the fact that they are old, 1024-bit // certificates. It's arguably better to ignore them anyway. if key, ok := c.PublicKey.(*rsa.PublicKey); ok && key.N.BitLen() == 1024 { t.Logf("1024-bit certificate only present in cgo pool (acceptable): %v", c.Subject) continue } t.Errorf("certificate only present in cgo pool: %v", c.Subject) } if t.Failed() && debugDarwinRoots { cmd := exec.Command("security", "dump-trust-settings") cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr cmd.Run() cmd = exec.Command("security", "dump-trust-settings", "-d") cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr cmd.Run() } }
Close
