mirror of
https://github.com/fleetdm/fleet
synced 2026-05-03 21:38:24 +00:00
09c2e2ff72
I manually verified this fix by running the new
`github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest` test
with and without the fix on a cloud Ubuntu server.
Without fix:
```
=== RUN TestGetAssetMetadata
gdmf_test.go:14:
Error Trace: /root/fleet/server/mdm/apple/gdmf/integrationtest/gdmf_test.go:14
Error: Received unexpected error:
retrieving asset metadata: Get "https://gdmf.apple.com/v2/pmv": tls: failed to verify certificate: x509: certificate signed by unknown authority
Test: TestGetAssetMetadata
--- FAIL: TestGetAssetMetadata (3.53s)
FAIL
FAIL github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest 3.542s
FAIL
```
With fix:
```
=== RUN TestGetAssetMetadata
--- PASS: TestGetAssetMetadata (0.39s)
PASS
ok github.com/fleetdm/fleet/v4/server/mdm/apple/gdmf/integrationtest 0.397s
```
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
23 lines
500 B
Go
23 lines
500 B
Go
package rootcert
|
|
|
|
import (
|
|
"crypto/x509"
|
|
_ "embed"
|
|
"fmt"
|
|
)
|
|
|
|
// appleRootCert is https://www.apple.com/appleca/AppleIncRootCertificate.cer
|
|
//
|
|
//go:embed AppleIncRootCertificate.cer
|
|
var appleRootCert []byte
|
|
|
|
// AppleRootCA is Apple's Root CA parsed to an *x509.Certificate
|
|
var AppleRootCA = NewAppleCert(appleRootCert)
|
|
|
|
func NewAppleCert(crt []byte) *x509.Certificate {
|
|
cert, err := x509.ParseCertificate(crt)
|
|
if err != nil {
|
|
panic(fmt.Errorf("could not parse cert: %w", err))
|
|
}
|
|
return cert
|
|
}
|