Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 1094983002: Account for the OS returning an empty certificate chain. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: test, somewhat tidier code Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc_mac.cc ('K') | « net/cert/cert_verify_proc_mac.cc ('k') | net/data/ssl/certificates/large_key.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 1575 matching lines...) Expand 10 before | Expand all | Expand 10 after
1586 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); 1586 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
1587 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); 1587 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
1588 } 1588 }
1589 } 1589 }
1590 1590
1591 WRAPPED_INSTANTIATE_TEST_CASE_P( 1591 WRAPPED_INSTANTIATE_TEST_CASE_P(
1592 VerifyName, 1592 VerifyName,
1593 CertVerifyProcNameTest, 1593 CertVerifyProcNameTest,
1594 testing::ValuesIn(kVerifyNameData)); 1594 testing::ValuesIn(kVerifyNameData));
1595 1595
1596 #if defined(OS_MACOSX)
1597 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate
1598 // verifier rejects a certificate with a fatal error. This is a regression
1599 // test for https://crbug.com/472291.
1600 TEST_F(CertVerifyProcTest, LargeKey) {
1601 // Load root_ca_cert.pem into the test root store.
1602 TestRootCerts* root_certs = TestRootCerts::GetInstance();
1603 root_certs->AddFromFile(
1604 GetTestCertsDirectory().AppendASCII("root_ca_cert.pem"));
1605
1606 CertificateList cert_list = CreateCertificateListFromFile(
1607 GetTestCertsDirectory(), "large_key.pem", X509Certificate::FORMAT_AUTO);
1608 ASSERT_EQ(1U, cert_list.size());
1609 scoped_refptr<X509Certificate> cert(cert_list[0]);
1610
1611 // Apple's verifier rejects this certificate as invalid because the
1612 // RSA key is too large. If a future version of OS X changes this,
1613 // large_key.pem may need to be regenerated with a larger key.
1614 int flags = 0;
1615 CertVerifyResult verify_result;
1616 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
1617 &verify_result);
1618 EXPECT_EQ(ERR_CERT_INVALID, error);
1619 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);
1620
1621 root_certs->Clear();
1622 EXPECT_TRUE(root_certs->IsEmpty());
1623 }
1624 #endif // defined(OS_MACOSX)
1625
1596 } // namespace net 1626 } // namespace net
OLDNEW
« net/cert/cert_verify_proc_mac.cc ('K') | « net/cert/cert_verify_proc_mac.cc ('k') | net/data/ssl/certificates/large_key.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698