net/cert/cert_verify_proc_unittest.cc - Issue 1094983002: Account for the OS returning an empty certificate chain.

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 1094983002: Account for the OS returning an empty certificate chain. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc.h"	5 #include "net/cert/cert_verify_proc.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/callback_helpers.h"	9 #include "base/callback_helpers.h"

10 #include "base/files/file_path.h"	10 #include "base/files/file_path.h"

(...skipping 1575 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1586 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);	1586 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);

1587 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);	1587 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);

1588 }	1588 }

1589 }	1589 }

1590	1590

1591 WRAPPED_INSTANTIATE_TEST_CASE_P(	1591 WRAPPED_INSTANTIATE_TEST_CASE_P(

1592 VerifyName,	1592 VerifyName,

1593 CertVerifyProcNameTest,	1593 CertVerifyProcNameTest,

1594 testing::ValuesIn(kVerifyNameData));	1594 testing::ValuesIn(kVerifyNameData));

1595	1595

	1596 #if defined(OS_MACOSX) && !defined(OS_IOS)

	1597 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate

	1598 // verifier rejects a certificate with a fatal error. This is a regression

	1599 // test for https://crbug.com/472291.

	1600 TEST_F(CertVerifyProcTest, LargeKey) {

	1601 // Load root_ca_cert.pem into the test root store.

	1602 TestRootCerts* root_certs = TestRootCerts::GetInstance();

	1603 root_certs->AddFromFile(

	1604 GetTestCertsDirectory().AppendASCII("root_ca_cert.pem"));
	Ryan Sleevi 2015/04/23 14:05:41 https://code.google.com/p/chromium/codesearch#chro https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/test_root... ScopedTestRoot test_root(ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem").get()); [Really, ScopedTestRoot should take a "const scoped_refptr<X509Certificate>&" so that we don't have to do the .get() dance; in case it scares you to see the .get(), the temporary lasts for the duration of the full statement (aka the full execution of the ctor), which will handle grabbing the ref to keep things alive] davidben 2015/04/23 18:12:29 I just copy-and-pasted that part of the test. :-P Show quoted text On 2015/04/23 14:05:41, Ryan Sleevi wrote: > https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/test_root... > > ScopedTestRoot test_root(ImportCertFromFile(GetTestCertsDirectory(), > "root_ca_cert.pem").get()); > > > [Really, ScopedTestRoot should take a "const scoped_refptr<X509Certificate>&" so > that we don't have to do the .get() dance; in case it scares you to see the > .get(), the temporary lasts for the duration of the full statement (aka the full > execution of the ctor), which will handle grabbing the ref to keep things alive] I just copy-and-pasted that part of the test. :-P Done.
	1605

	1606 CertificateList cert_list = CreateCertificateListFromFile(

	1607 GetTestCertsDirectory(), "large_key.pem", X509Certificate::FORMAT_AUTO);

	1608 ASSERT_EQ(1U, cert_list.size());

	1609 scoped_refptr<X509Certificate> cert(cert_list[0]);
	Ryan Sleevi 2015/04/23 14:05:41 Either ImportCertFromFile or https://code.google.c Either ImportCertFromFile or https://code.google.com/p/chromium/codesearch#chromium/src/net/test/cert_test... davidben 2015/04/23 18:12:28 Done. Show quoted text On 2015/04/23 14:05:41, Ryan Sleevi wrote: > Either ImportCertFromFile or > https://code.google.com/p/chromium/codesearch#chromium/src/net/test/cert_test... Done.
	1610

	1611 // Apple's verifier rejects this certificate as invalid because the

	1612 // RSA key is too large. If a future version of OS X changes this,

	1613 // large_key.pem may need to be regenerated with a larger key.

	1614 int flags = 0;

	1615 CertVerifyResult verify_result;

	1616 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,

	1617 &verify_result);

	1618 EXPECT_EQ(ERR_CERT_INVALID, error);

	1619 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);

	1620

	1621 root_certs->Clear();

	1622 EXPECT_TRUE(root_certs->IsEmpty());

	1623 }

	1624 #endif // defined(OS_MACOSX) && !defined(OS_IOS)

	1625

1596 } // namespace net	1626 } // namespace net

OLD	NEW

« net/cert/cert_verify_proc_mac.cc ('K') | « net/cert/cert_verify_proc_mac.cc ('k') | net/data/ssl/certificates/large_key.pem » ('j') | no next file with comments »