From 80cf6b1ae158b25fa5b6667870b801dc2d18fbb8 Mon Sep 17 00:00:00 2001 From: Mikkel Krautz Date: Tue, 28 Feb 2012 11:34:48 -0500 Subject: [PATCH] crypto/tls: force OS X target version to 10.6 for API compatibility This is a band-aid until we can use weak imports with cgo. Fixes #3131. R=minux.ma, rsc CC=golang-dev https://golang.org/cl/5700083 --- root_darwin.go | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/root_darwin.go b/root_darwin.go index db1b18b..911a9a6 100644 --- a/root_darwin.go +++ b/root_darwin.go @@ -5,11 +5,9 @@ package tls /* -// Note: We disable -Werror here because the code in this file uses a deprecated API to stay -// compatible with both Mac OS X 10.6 and 10.7. Using a deprecated function on Darwin generates -// a warning. -#cgo CFLAGS: -Wno-error -Wno-deprecated-declarations +#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060 #cgo LDFLAGS: -framework CoreFoundation -framework Security + #include #include @@ -40,26 +38,12 @@ int FetchPEMRoots(CFDataRef *pemRoots) { continue; } - // SecKeychainImportExport is deprecated in >= OS X 10.7, and has been replaced by - // SecItemExport. If we're built on a host with a Lion SDK, this code gets conditionally - // included in the output, also for binaries meant for 10.6. - // - // To make sure that we run on both Mac OS X 10.6 and 10.7 we use weak linking - // and check whether SecItemExport is available before we attempt to call it. On - // 10.6, this won't be the case, and we'll fall back to calling SecKeychainItemExport. -#if __MAC_OS_X_VERSION_MAX_ALLOWED >= 1070 - if (SecItemExport) { - err = SecItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); - if (err != noErr) { - continue; - } - } else -#endif - if (data == NULL) { - err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); - if (err != noErr) { - continue; - } + // Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport. + // Once we support weak imports via cgo we should prefer that, and fall back to this + // for older systems. + err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); + if (err != noErr) { + continue; } if (data != NULL) {