| Index: net/cert/cert_verify_proc_unittest.cc
|
| diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
|
| index ed6f028b2002d2446f10186473d9bb2e3d002c0e..bbe7fd1cdf8cbf15943c41ff90ed108ea63cf4ba 100644
|
| --- a/net/cert/cert_verify_proc_unittest.cc
|
| +++ b/net/cert/cert_verify_proc_unittest.cc
|
| @@ -1593,4 +1593,34 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| CertVerifyProcNameTest,
|
| testing::ValuesIn(kVerifyNameData));
|
|
|
| +#if defined(OS_MACOSX)
|
| +// Test that CertVerifyProcMac reacts appropriately when Apple's certificate
|
| +// verifier rejects a certificate with a fatal error. This is a regression
|
| +// test for https://crbug.com/472291.
|
| +TEST_F(CertVerifyProcTest, LargeKey) {
|
| + // Load root_ca_cert.pem into the test root store.
|
| + TestRootCerts* root_certs = TestRootCerts::GetInstance();
|
| + root_certs->AddFromFile(
|
| + GetTestCertsDirectory().AppendASCII("root_ca_cert.pem"));
|
| +
|
| + CertificateList cert_list = CreateCertificateListFromFile(
|
| + GetTestCertsDirectory(), "large_key.pem", X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1U, cert_list.size());
|
| + scoped_refptr<X509Certificate> cert(cert_list[0]);
|
| +
|
| + // Apple's verifier rejects this certificate as invalid because the
|
| + // RSA key is too large. If a future version of OS X changes this,
|
| + // large_key.pem may need to be regenerated with a larger key.
|
| + int flags = 0;
|
| + CertVerifyResult verify_result;
|
| + int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
|
| + &verify_result);
|
| + EXPECT_EQ(ERR_CERT_INVALID, error);
|
| + EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);
|
| +
|
| + root_certs->Clear();
|
| + EXPECT_TRUE(root_certs->IsEmpty());
|
| +}
|
| +#endif // defined(OS_MACOSX)
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 1094983002:
Account for the OS returning an empty certificate chain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master