Skip to content

Commit

Permalink
crypto/x509: use SecItemExport instead of deprecated SecKeychainItemE…
Browse files Browse the repository at this point in the history 
…xport

SecKeychainItemExport is deprecated as of macOS 10.7. The minimum
supported version is macOS 10.10, so use SecItemExport instead.

While at it also bump macosx-version-min to 10.10 and
__MAC_OS_X_VERSION_MAX_ALLOWED to 101300 (for macOS 10.13).

Tested on macOS 10.10, 10.11 and 10.12.

Updates golang#23122

Change-Id: Id4cd6a5cea93315791253dc248e40e5615760a6c
Reviewed-on: https://go-review.googlesource.com/116396
Reviewed-by: Brad Fitzpatrick <[email protected]>
  • Loading branch information
@tklauser @bradfitz
tklauser authored and bradfitz committed Jun 6, 2018
1 parent 7c1f361 commit 11f6cb4
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions src/crypto/x509/root_cgo_darwin.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
package x509

/*
#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
#cgo CFLAGS: -mmacosx-version-min=10.10 -D__MAC_OS_X_VERSION_MAX_ALLOWED=101300
#cgo LDFLAGS: -framework CoreFoundation -framework Security
#include <errno.h>
Expand Down Expand Up @@ -136,10 +136,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
}
}
// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
// Once we support weak imports via cgo we should prefer that, and fall back to this
// for older systems.
err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
err = SecItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
if (err != noErr) {
continue;
}
Expand Down

0 comments on commit 11f6cb4

Please sign in to comment.