From c3bc6adeb8dd4a22524f631365119b64cf5c043b Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 15 Sep 2025 10:43:02 -0400 Subject: [PATCH 1/2] Backport dotnet/runtime#118652 Backport dotnet/runtime#118777 --- .../TestUtilities/System/PlatformDetection.Unix.cs | 1 + .../tests/X509Certificates/ChainTests.cs | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs index 18b1e0461cf670..17aa423c3aaebb 100644 --- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs +++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs @@ -43,6 +43,7 @@ public static partial class PlatformDetection public static bool IsNotMacOsAppleSilicon => !IsMacOsAppleSilicon; public static bool IsAppSandbox => Environment.GetEnvironmentVariable("APP_SANDBOX_CONTAINER_ID") != null; public static bool IsNotAppSandbox => !IsAppSandbox; + public static bool IsApplePlatform26OrLater => IsOSXLike && Environment.OSVersion.Version.Major >= 26; // RedHat family covers RedHat and CentOS public static bool IsRedHatFamily => IsRedHatFamilyAndVersion(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs index 200f6fdbf30916..97163e77245ef9 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs @@ -288,13 +288,13 @@ public static void SystemTrustCertificateWithCustomRootTrust(bool addCertificate // Check some known conditions. - if (PlatformDetection.UsesAppleCrypto) + if (OperatingSystem.IsLinux() || PlatformDetection.IsApplePlatform26OrLater) { - Assert.Equal(3, chain.ChainElements.Count); + Assert.Equal(2, chain.ChainElements.Count); } - else if (OperatingSystem.IsLinux()) + else if (PlatformDetection.IsApplePlatform) { - Assert.Equal(2, chain.ChainElements.Count); + Assert.Equal(3, chain.ChainElements.Count); } } } @@ -1179,12 +1179,12 @@ public static void BuildChainForCertificateSignedWithDisallowedKey() chain.ChainPolicy.ExtraStore.Add(intermediateCert); Assert.False(chain.Build(cert)); - if (PlatformDetection.IsAndroid) + if (PlatformDetection.IsAndroid || PlatformDetection.IsApplePlatform26OrLater) { // Android always validates trust as part of building a path, // so violations comes back as PartialChain with no elements + // Apple 26 no longer block these SKIs since the roots are no longer trusted at all and are expired. Assert.Equal(X509ChainStatusFlags.PartialChain, chain.AllStatusFlags()); - Assert.Equal(0, chain.ChainElements.Count); } else { From 8105076a5dc17bdc8a6f52c919cd31957a8a4376 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 15 Sep 2025 10:46:28 -0400 Subject: [PATCH 2/2] Fix property for release/8.0 --- .../tests/X509Certificates/ChainTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs index 97163e77245ef9..e3e39b73f429f6 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs @@ -292,7 +292,7 @@ public static void SystemTrustCertificateWithCustomRootTrust(bool addCertificate { Assert.Equal(2, chain.ChainElements.Count); } - else if (PlatformDetection.IsApplePlatform) + else if (PlatformDetection.IsOSXLike) { Assert.Equal(3, chain.ChainElements.Count); }