
Lines Matching refs:cert

49 // 3. For each dumped cert, conditionally verify it with "security
50 // verify-cert" if that cert was in the set discovered in Step 1.
51 // Without the Step 1 optimization, running "security verify-cert"
73 numVerified int // number of execs of 'security verify-cert', for debug stats
79 // Using 4 goroutines to pipe into verify-cert seems to be
80 // about the best we can do. The verify-cert binary seems to
84 // (or never) call verify-cert on stock macOS systems, though.
85 // The hope is that we only call verify-cert when the user has
93 cert, err := ParseCertificate(block.Bytes)
103 if !verifyCertWithSystem(block, cert) {
111 roots.AddCert(cert)
134 println(fmt.Sprintf("crypto/x509: ran security verify-cert %d times", numVerified))
140 func verifyCertWithSystem(block *pem.Block, cert *Certificate) bool {
143 f, err := ioutil.TempFile("", "cert")
145 fmt.Fprintf(os.Stderr, "can't create temporary file for cert: %v", err)
150 fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
154 fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
157 cmd := exec.Command("/usr/bin/security", "verify-cert", "-c", f.Name(), "-l", "-L")
164 println(fmt.Sprintf("crypto/x509: verify-cert rejected %s: %q", cert.Subject.CommonName, bytes.TrimSpace(stderr.Bytes())))
169 println(fmt.Sprintf("crypto/x509: verify-cert approved %s", cert.Subject.CommonName))
176 // sha1 hex of the raw cert.
178 // verify-cert` to see whether the user altered the default trust