Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(327)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1174073003: Add served cert chain to SSLInfo (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: update HttpResponseInfo::ssl_info comment Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_info.h » ('j') | net/ssl/ssl_info.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 8d6bb1bd189348890687eee249264885067b0f2e..8739726b77a1234886045f381e1a1383e2100143 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2422,8 +2422,9 @@ TEST_F(SSLClientSocketTest, VerifyServerChainProperlyOrdered) {
X509Certificate::FORMAT_AUTO);
// Get the server certificate as received client side.
- scoped_refptr<X509Certificate> server_certificate =
- sock->GetUnverifiedServerCertificateChain();
+ SSLInfo ssl_info;
+ sock->GetSSLInfo(&ssl_info);
Ryan Sleevi 2015/06/12 21:14:06 Hrm. This should probably be an ASSERT_TRUE() here
estark 2015/06/12 21:20:41 Done.
+ scoped_refptr<X509Certificate> server_certificate = ssl_info.unverified_cert;
// Get the intermediates as received client side.
const X509Certificate::OSCertHandles& server_intermediates =
@@ -2466,6 +2467,11 @@ TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) {
// expired.
cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
+ CertificateList unverified_certs = CreateCertificateListFromFile(
+ GetTestCertsDirectory(), "redundant-server-chain.pem",
+ X509Certificate::FORMAT_AUTO);
+ ASSERT_EQ(4u, unverified_certs.size());
+
// We will expect SSLInfo to ultimately contain this chain.
CertificateList certs =
CreateCertificateListFromFile(GetTestCertsDirectory(),
@@ -2543,6 +2549,19 @@ TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) {
EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[1],
certs[2]->os_cert_handle()));
+ // Verify that SSLInfo also contains the chain as received from the server.
+ const X509Certificate::OSCertHandles& served_intermediates =
+ ssl_info.unverified_cert->GetIntermediateCertificates();
+ ASSERT_EQ(3U, served_intermediates.size());
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ ssl_info.cert->os_cert_handle(), unverified_certs[0]->os_cert_handle()));
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ served_intermediates[0], unverified_certs[1]->os_cert_handle()));
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ served_intermediates[1], unverified_certs[2]->os_cert_handle()));
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ served_intermediates[2], unverified_certs[3]->os_cert_handle()));
+
sock->Disconnect();
EXPECT_FALSE(sock->IsConnected());
}
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_info.h » ('j') | net/ssl/ssl_info.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698