Differentiate between VERIFY_FAILED and VERIFY_INCORRECT_KEY_USAGE.

net/cert/cert_verify_proc_unittest.cc

Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 2c0e97dcdc1e31b9069a2324a6e70927d690f57c..d694625dddc5847524d2177a996367640e89c0c1 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -528,18 +528,15 @@ TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
   CertVerifyResult verify_result;
   int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,
                      empty_cert_list_, &verify_result);
-#if defined(USE_OPENSSL)
-  // This certificate has two errors: "invalid key usage" and "untrusted CA".
-  // However, OpenSSL returns only one (the latter), and we can't detect
-  // the other errors.
-  EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
-#else
   EXPECT_EQ(ERR_CERT_INVALID, error);
   EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
-#endif
+
   // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
   // from NSS.
-#if !defined(USE_NSS) && !defined(OS_IOS)
+#if !defined(USE_NSS) && !defined(OS_IOS) && !defined(USE_OPENSSL)
+  // This certificate has two errors: "invalid key usage" and "untrusted CA".
+  // However, OpenSSL returns only one (the former), and we can't detect
+  // the other errors.

[joth, 2013/04/23 18:27:21]

think this will fail on linux redux (as the "can't detect" comment refers to
using full openssl, rather than the android flow)

so my guess is...

#if OPENSSL && !ANDROID
// can't detect other errors
EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
#else
EXPECT_EQ(ERR_CERT_INVALID, error);
EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
#endif

[palmer, 2013/04/23 20:47:41]

Done.

   // The certificate is issued by an unknown CA.
   EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
 #endif