net/cert/cert_verify_proc_unittest.cc - Issue 14358023: Differentiate between VERIFY_FAILED and VERIFY_INCORRECT_KEY_USAGE.

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 14358023: Differentiate between VERIFY_FAILED and VERIFY_INCORRECT_KEY_USAGE. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Re-enable the test, and make it pass. Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc.h"	5 #include "net/cert/cert_verify_proc.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/files/file_path.h"	9 #include "base/files/file_path.h"

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 510 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
521 base::FilePath certs_dir = GetTestCertsDirectory();	521 base::FilePath certs_dir = GetTestCertsDirectory();

522	522

523 scoped_refptr<X509Certificate> server_cert =	523 scoped_refptr<X509Certificate> server_cert =

524 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");	524 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");

525 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);	525 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);

526	526

527 int flags = 0;	527 int flags = 0;

528 CertVerifyResult verify_result;	528 CertVerifyResult verify_result;

529 int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,	529 int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,

530 empty_cert_list_, &verify_result);	530 empty_cert_list_, &verify_result);

531 #if defined(USE_OPENSSL)

532 // This certificate has two errors: "invalid key usage" and "untrusted CA".

533 // However, OpenSSL returns only one (the latter), and we can't detect

534 // the other errors.

535 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);

536 #else

537 EXPECT_EQ(ERR_CERT_INVALID, error);	531 EXPECT_EQ(ERR_CERT_INVALID, error);

538 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);	532 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);

539 #endif	533

540 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors	534 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors

541 // from NSS.	535 // from NSS.

542 #if !defined(USE_NSS) && !defined(OS_IOS)	536 #if !defined(USE_NSS) && !defined(OS_IOS) && !defined(USE_OPENSSL)

	537 // This certificate has two errors: "invalid key usage" and "untrusted CA".

	538 // However, OpenSSL returns only one (the former), and we can't detect

	539 // the other errors.
	joth 2013/04/23 18:27:21 think this will fail on linux redux (as the "can't think this will fail on linux redux (as the "can't detect" comment refers to using full openssl, rather than the android flow) so my guess is... #if OPENSSL && !ANDROID // can't detect other errors EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); #else EXPECT_EQ(ERR_CERT_INVALID, error); EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); #endif palmer 2013/04/23 20:47:41 Done. Show quoted text On 2013/04/23 18:27:21, joth wrote: > think this will fail on linux redux (as the "can't detect" comment refers to > using full openssl, rather than the android flow) > > so my guess is... > > #if OPENSSL && !ANDROID > // can't detect other errors > EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); > #else > EXPECT_EQ(ERR_CERT_INVALID, error); > EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); > #endif Done.
543 // The certificate is issued by an unknown CA.	540 // The certificate is issued by an unknown CA.

544 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);	541 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);

545 #endif	542 #endif

546 }	543 }

547	544

548 // Basic test for returning the chain in CertVerifyResult. Note that the	545 // Basic test for returning the chain in CertVerifyResult. Note that the

549 // returned chain may just be a reflection of the originally supplied chain;	546 // returned chain may just be a reflection of the originally supplied chain;

550 // that is, if any errors occur, the default chain returned is an exact copy	547 // that is, if any errors occur, the default chain returned is an exact copy

551 // of the certificate to be verified. The remaining VerifyReturn* tests are	548 // of the certificate to be verified. The remaining VerifyReturn* tests are

552 // used to ensure that the actual, verified chain is being returned by	549 // used to ensure that the actual, verified chain is being returned by

(...skipping 520 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1073 #define MAYBE_VerifyMixed DISABLED_VerifyMixed	1070 #define MAYBE_VerifyMixed DISABLED_VerifyMixed

1074 #else	1071 #else

1075 #define MAYBE_VerifyMixed VerifyMixed	1072 #define MAYBE_VerifyMixed VerifyMixed

1076 #endif	1073 #endif

1077 WRAPPED_INSTANTIATE_TEST_CASE_P(	1074 WRAPPED_INSTANTIATE_TEST_CASE_P(

1078 MAYBE_VerifyMixed,	1075 MAYBE_VerifyMixed,

1079 CertVerifyProcWeakDigestTest,	1076 CertVerifyProcWeakDigestTest,

1080 testing::ValuesIn(kVerifyMixedTestData));	1077 testing::ValuesIn(kVerifyMixedTestData));

1081	1078

1082 } // namespace net	1079 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/cert_verify_proc_android.cc ('k') | no next file » | no next file with comments »