Issue 1553903002: Regenerate the test certificates.

	Unified diffs	Side-by-side diffs	Stats (+1751 lines, -1753 lines)			Patch
M	net/cert/cert_verify_proc_whitelist_unittest.cc	View	1 chunk	+4 lines, -4 lines	0 comments	Download
M	net/cert/x509_certificate_unittest.cc	View	1 chunk	+1 line, -1 line	1 comment	Download
M	net/data/ssl/certificates/10_year_validity.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/11_year_validity.pem	View	1 chunk	+53 lines, -53 lines	0 comments	Download
M	net/data/ssl/certificates/39_months_after_2015_04.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/40_months_after_2015_04.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/60_months_after_2012_07.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/61_months_after_2012_07.pem	View	1 chunk	+53 lines, -53 lines	0 comments	Download
M	net/data/ssl/certificates/bad_validity.pem	View	2 chunks	+78 lines, -78 lines	0 comments	Download
M	net/data/ssl/certificates/crlset_by_leaf_spki.raw	View	Binary file		0 comments	Download
M	net/data/ssl/certificates/crlset_by_root_serial.raw	View	Binary file		0 comments	Download
M	net/data/ssl/certificates/expired_cert.pem	View	2 chunks	+75 lines, -75 lines	0 comments	Download
M	net/data/ssl/certificates/large_key.pem	View	1 chunk	+176 lines, -176 lines	0 comments	Download
M	net/data/ssl/certificates/localhost_cert.pem	View	1 chunk	+83 lines, -84 lines	0 comments	Download
M	net/data/ssl/certificates/name_constraint_bad.pem	View	1 chunk	+80 lines, -80 lines	0 comments	Download
M	net/data/ssl/certificates/name_constraint_good.pem	View	1 chunk	+80 lines, -80 lines	0 comments	Download
M	net/data/ssl/certificates/ok_cert.pem	View	2 chunks	+78 lines, -78 lines	0 comments	Download
M	net/data/ssl/certificates/pre_br_validity_bad_121.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/pre_br_validity_bad_2020.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/pre_br_validity_ok.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/punycodetest.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/reject_intranet_hosts.pem	View	1 chunk	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/root_ca_cert.pem	View	1 chunk	+79 lines, -79 lines	0 comments	Download
M	net/data/ssl/certificates/sha1_2016.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/sha1_dec_2015.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/sha1_jan_2016.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/sha256.pem	View	1 chunk	+57 lines, -58 lines	0 comments	Download
M	net/data/ssl/certificates/spdy_pooling.pem	View	1 chunk	+54 lines, -54 lines	0 comments	Download
M	net/data/ssl/certificates/start_after_expiry.pem	View	2 chunks	+51 lines, -51 lines	0 comments	Download
M	net/data/ssl/certificates/subjectAltName_sanity_check.pem	View	2 chunks	+55 lines, -55 lines	0 comments	Download
M	net/data/ssl/certificates/wildcard.pem	View	1 chunk	+80 lines, -80 lines	0 comments	Download
M	net/http/disk_based_cert_cache_unittest.cc	View	1 chunk	+2 lines, -2 lines	0 comments	Download

Depends on Patchset:

Issue 1552783003 Patch 20001

Messages

Total messages: 2 (1 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Ryan Hamilton

4 years, 11 months ago (2016-01-04 18:34:07 UTC) #2

Hi Ryan,

Mostly this was straightforward, but there are a few test failures that I don't
seem to know how to fix.

For CertVerifyProcTest.NameConstraintsFailure, it looks like the certs in
question are root_ca_cert.pem and name_constraint_bad.pem, but I don't see any
obvious changes.

For the PKP tests, I'm sure I need to change
net/data/url_request_unittest/hpkp-headers.html.mock-http-headers to reflect the
new sha256 hash, but I'm not sure how to generate that value. What's the OpenSSL
incantation I need to run?

[ RUN      ] URLRequestTestHTTP.ProcessSTSAndPKP2
../../net/url_request/url_request_unittest.cc:6090: Failure
Value of: security_state->GetDynamicPKPState(test_server_hostname, &pkp_state)
  Actual: false
Expected: true
../../net/url_request/url_request_unittest.cc:6096: Failure
Value of: pkp_state.HasPublicKeyPins()
  Actual: false
Expected: true
[  FAILED  ] URLRequestTestHTTP.ProcessSTSAndPKP2 (189 ms)
[15271/15274] URLRequestTestHTTP.ProcessSTSAndPKP2 (189 ms)
[ RUN      ] URLRequestTestHTTP.ProcessSTSAndPKP
../../net/url_request/url_request_unittest.cc:6047: Failure
Value of: security_state->GetDynamicPKPState(test_server_hostname, &pkp_state)
  Actual: false
Expected: true
../../net/url_request/url_request_unittest.cc:6053: Failure
Value of: pkp_state.HasPublicKeyPins()
  Actual: false
Expected: true
[  FAILED  ] URLRequestTestHTTP.ProcessSTSAndPKP (173 ms)
[15272/15274] URLRequestTestHTTP.ProcessSTSAndPKP (173 ms)
[ RUN      ] URLRequestTestHTTP.ProcessPKP
../../net/url_request/url_request_unittest.cc:5781: Failure
Value of: security_state->GetDynamicPKPState(test_server_hostname, &pkp_state)
  Actual: false
Expected: true
../../net/url_request/url_request_unittest.cc:5786: Failure
Value of: pkp_state.HasPublicKeyPins()
  Actual: false
Expected: true
../../net/url_request/url_request_unittest.cc:5787: Failure
Value of: pkp_state.report_uri
  Actual: 
Expected: report_uri
Which is: https://hpkp-report.test/
../../net/url_request/url_request_unittest.cc:5788: Failure
Expected: (sts_state.expiry) != (pkp_state.expiry), actual: 1601-01-01
00:00:00.000 UTC vs 1601-01-01 00:00:00.000 UTC
[  FAILED  ] URLRequestTestHTTP.ProcessPKP (155 ms)
[15273/15274] URLRequestTestHTTP.ProcessPKP (155 ms)
[ RUN      ] CertVerifyProcTest.NameConstraintsFailure
../../net/cert/cert_verify_proc_unittest.cc:620: Failure
Value of: error
  Actual: 0
Expected: ERR_CERT_NAME_CONSTRAINT_VIOLATION
Which is: -212
../../net/cert/cert_verify_proc_unittest.cc:622: Failure
Value of: verify_result.cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION
  Actual: 0
Expected: CERT_STATUS_NAME_CONSTRAINT_VIOLATION
Which is: 16384
[  FAILED  ] CertVerifyProcTest.NameConstraintsFailure (146 ms)
[15274/15274] CertVerifyProcTest.NameConstraintsFailure (146 ms)
4 tests failed:
    CertVerifyProcTest.NameConstraintsFailure
(../../net/cert/cert_verify_proc_unittest.cc:589)
    URLRequestTestHTTP.ProcessPKP
(../../net/url_request/url_request_unittest.cc:5758)
    URLRequestTestHTTP.ProcessSTSAndPKP
(../../net/url_request/url_request_unittest.cc:6022)
    URLRequestTestHTTP.ProcessSTSAndPKP2
(../../net/url_request/url_request_unittest.cc:6066)

https://codereview.chromium.org/1553903002/diff/20001/net/cert/x509_certifica...
File net/cert/x509_certificate_unittest.cc (right):

https://codereview.chromium.org/1553903002/diff/20001/net/cert/x509_certifica...
net/cert/x509_certificate_unittest.cc:507: EXPECT_EQ("localhost",
san_cert->subject().common_name);
If you look at the cert in question, it appears to have changed the SAN from
127.0.0.1 to localhost. I'm not sure if changing this test is OK, or if I should
change the cert script?

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages