Chromium Code Reviews| Index: net/base/x509_certificate_unittest.cc |
| =================================================================== |
| --- net/base/x509_certificate_unittest.cc (revision 77551) |
| +++ net/base/x509_certificate_unittest.cc (working copy) |
| @@ -447,6 +447,27 @@ |
| root_certs->Clear(); |
| } |
| +#if defined(OS_MACOSX) |
|
Ryan Sleevi
2011/03/10 02:30:51
For parity testing, my preference would be to see
|
| +// Regression test for http://crbug.com/63988 |
| +// Do not report ERR_CERT_INVALID on a certificate with an empty Subject field |
| +// and a subjectAltName extension that is not marked as critical. |
| +TEST(X509CertificateTest, EmptySubject) { |
| + FilePath certs_dir = GetTestCertsDirectory(); |
| + |
| + scoped_refptr<X509Certificate> server_cert = |
| + ImportCertFromFile(certs_dir, "empty_subject_cert.der"); |
| + ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| + |
| + int flags = 0; |
| + CertVerifyResult verify_result; |
| + int error = server_cert->Verify("1.1.1.1", flags, &verify_result); |
| + EXPECT_NE(ERR_CERT_INVALID, error); |
| + EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_INVALID); |
| + EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); |
| + EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| +} |
| +#endif |
| + |
| // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
| // call X509Certificate::CreateFromHandle several times and observe whether |
| // it returns a cached or new X509Certificate object. |