Index: net/base/x509_certificate_unittest.cc |
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc |
index 010aba73145dfd70e27ab6add26da94c4532535a..b25322b29548aae303492f1cb737f5373da4cdc7 100644 |
--- a/net/base/x509_certificate_unittest.cc |
+++ b/net/base/x509_certificate_unittest.cc |
@@ -1550,12 +1550,38 @@ TEST_P(X509CertificateWeakDigestTest, Verify) { |
int flags = 0; |
CertVerifyResult verify_result; |
- ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); |
+ int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); |
EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); |
EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); |
EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); |
EXPECT_EQ(data.expected_has_md5_ca, verify_result.has_md5_ca); |
EXPECT_EQ(data.expected_has_md2_ca, verify_result.has_md2_ca); |
+ |
+ // Ensure that MD4 and MD2 are tagged as invalid. |
+ if (data.expected_has_md4 || data.expected_has_md2) { |
+ EXPECT_EQ(CERT_STATUS_INVALID, |
+ (verify_result.cert_status & CERT_STATUS_INVALID)); |
wtc
2011/11/04 22:57:42
The parentheses are not necessary here and on line
|
+ |
+ } |
+ |
+ // Ensure that MD5 is flagged as weak. |
+ if (data.expected_has_md5) { |
+ EXPECT_EQ( |
+ CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
+ (verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)); |
+ } |
+ |
+ // If there is a root cert present, then the full chain should validate, but |
+ // be rejected. |
wtc
2011/11/04 22:57:42
Nit: "but be rejected" does not apply to the last
|
+ if (data.root_cert_filename) { |
+ if (data.expected_has_md4 || data.expected_has_md2) { |
+ EXPECT_EQ(ERR_CERT_INVALID, rv); |
+ } else if (data.expected_has_md5) { |
+ EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv); |
+ } else { |
+ EXPECT_EQ(OK, rv); |
+ } |
+ } |
} |
// Unlike TEST/TEST_F, which are macros that expand to further macros, |