Unit tests fail on macOS with Go 1.18 because of 1024-bit RSA test certificate #264
Description
Problem:
TestConnect fails on macOS when using Go 1.18
```
% ~/go/bin/go1.18.1 test ./...
? github.com/square/certigo [no test files]
--- FAIL: TestConnect (0.02s)
cli_test.go:210:
Error Trace: cli_test.go:210
Error: Not equal:
expected: "** TLS Connection **\nVersion: TLS 1.3\nCipher Suite: AES_128_GCM_SHA256 cipher\n\n** CERTIFICATE 1 **\nSerial: 64483185769360960274258770740570494187\nValid: 1970-01-01 00:00 UTC to 2084-01-29 16:00 UTC\nSignature: SHA256-RSA (self-signed)\nSubject Info:\n\tOrganization: Acme Co\nIssuer Info:\n\tOrganization: Acme Co\nBasic Constraints: CA:true\nKey Usage:\n\tDigital Signature\n\tKey Encipherment\n\tCert Sign\nExtended Key Usage:\n\tServer Auth\nDNS Names:\n\texample.com\nIP Addresses:\n\t127.0.0.1, ::1\nWarnings:\n\tSize of RSA key should be at least 2048 bits\n\nFailed to verify certificate chain:\n\tx509: certificate signed by unknown authority\n** TLS Connection **\nVersion: TLS 1.3\nCipher Suite: AES_128_GCM_SHA256 cipher\n\n** CERTIFICATE 1 **\nSerial: 64483185769360960274258770740570494187\nValid: 1970-01-01 00:00 UTC to 2084-01-29 16:00 UTC\nSignature: SHA256-RSA (self-signed)\nSubject Info:\n\tOrganization: Acme Co\nIssuer Info:\n\tOrganization: Acme Co\nBasic Constraints: CA:true\nKey Usage:\n\tDigital Signature\n\tKey Encipherment\n\tCert Sign\nExtended Key Usage:\n\tServer Auth\nDNS Names:\n\texample.com\nIP Addresses:\n\t127.0.0.1, ::1\nWarnings:\n\tSize of RSA key should be at least 2048 bits\n\nFailed to verify certificate chain:\n\tx509: certificate signed by unknown authority\n"
actual : "** TLS Connection **\nVersion: TLS 1.3\nCipher Suite: AES_128_GCM_SHA256 cipher\n\n** CERTIFICATE 1 **\nSerial: 64483185769360960274258770740570494187\nValid: 1970-01-01 00:00 UTC to 2084-01-29 16:00 UTC\nSignature: SHA256-RSA (self-signed)\nSubject Info:\n\tOrganization: Acme Co\nIssuer Info:\n\tOrganization: Acme Co\nBasic Constraints: CA:true\nKey Usage:\n\tDigital Signature\n\tKey Encipherment\n\tCert Sign\nExtended Key Usage:\n\tServer Auth\nDNS Names:\n\texample.com\nIP Addresses:\n\t127.0.0.1, ::1\nWarnings:\n\tSize of RSA key should be at least 2048 bits\n\nFailed to verify certificate chain:\n\tx509: “Acme Co” certificate is using a broken key size\n** TLS Connection **\nVersion: TLS 1.3\nCipher Suite: AES_128_GCM_SHA256 cipher\n\n** CERTIFICATE 1 **\nSerial: 64483185769360960274258770740570494187\nValid: 1970-01-01 00:00 UTC to 2084-01-29 16:00 UTC\nSignature: SHA256-RSA (self-signed)\nSubject Info:\n\tOrganization: Acme Co\nIssuer Info:\n\tOrganization: Acme Co\nBasic Constraints: CA:true\nKey Usage:\n\tDigital Signature\n\tKey Encipherment\n\tCert Sign\nExtended Key Usage:\n\tServer Auth\nDNS Names:\n\texample.com\nIP Addresses:\n\t127.0.0.1, ::1\nWarnings:\n\tSize of RSA key should be at least 2048 bits\n\nFailed to verify certificate chain:\n\tx509: “Acme Co” certificate is using a broken key size\n"
Diff:
--- Expected
+++ Actual
@@ -27,3 +27,3 @@
Failed to verify certificate chain:
- x509: certificate signed by unknown authority
+ x509: “Acme Co” certificate is using a broken key size
** TLS Connection **
@@ -55,3 +55,3 @@
Failed to verify certificate chain:
- x509: certificate signed by unknown authority
+ x509: “Acme Co” certificate is using a broken key size
Test: TestConnect
FAIL
FAIL github.com/square/certigo/cli 0.233s
```
Dive:
Where does this "certificate is using a broken key size" error come from?
Looks like it comes from Apple Security Framework: https://cs.github.com/apple-open-source/macos/blob/4c64a93f78278a48fd0c9bce26737010c16668e6/Security/OSX/sec/Security/SecFrameworkStrings.h#L246.
Apple's App Transport Security (ATS) on all platforms now requires:
The server certificate must be signed with either a Rivest-Shamir-Adleman (RSA) key of at least 2048 bits, or an Elliptic-Curve Cryptography (ECC) key of at least 256 bits.
Go uses Apple Security Framework now?
Go 1.18 switched TLS verification path to platform APIs for macOS and iOS.
From: Go 1.18 Release Notes:
Certificate.Verify now uses platform APIs to verify certificate validity on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using the root pool returned from SystemCertPool.
Next:
Update localhostKey to at least 2048 bits and generate a new localhostCert with it in cli/cli_test.go.
Line 19 in 41b5b73
```go
// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
```
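An added example, not part of the original issue and not certigo's code: a test fixture generated at run time with a chosen RSA size, plus a check against the key-size minimums quoted above (RSA 2048 bits, ECC 256 bits). The helper names `newTestCert` and `checkKeySize` and the serial number are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// newTestCert (hypothetical helper) builds a self-signed CA fixture with the given RSA size.
func newTestCert(rsaBits int) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed value
		NotBefore:    time.Unix(0, 0), NotAfter: time.Unix(0, 0).Add(1000000 * time.Hour),
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkKeySize (hypothetical helper) rejects keys below the quoted minimums.
func checkKeySize(cert *x509.Certificate) error {
	bits, floor := 0, 0
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		bits, floor = pub.N.BitLen(), 2048
	case *ecdsa.PublicKey:
		bits, floor = pub.Params().BitSize, 256
	}
	if bits < floor {
		return fmt.Errorf("%v key is %d bits, below the %d-bit minimum", cert.PublicKeyAlgorithm, bits, floor)
	}
	return nil
}

func main() {
	if c, err := newTestCert(1024); err == nil { // the size the failing fixture used
		fmt.Println(checkKeySize(c))
	}
}
```

Running such a check over test fixtures flags undersized keys on every platform, instead of only where the platform verifier happens to enforce a minimum.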