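Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 6026ea22a9b1f407e0a3b596b532ff3f711bd4e4..be9868d3b36955f5b8877b9d1838cc6a59b40389 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -1168,129 +1168,6 @@ TEST_F(CertVerifyProcTest, IsIssuedByKnownRootIgnoresTestRoots) {
 EXPECT_FALSE(verify_result.is_issued_by_known_root);
 }
 
-#if defined(OS_MACOSX) && !defined(OS_IOS)
-// Tests that, on OS X, issues with a cross-certified Baltimore CyberTrust
-// Root can be successfully worked around once Apple completes removing the
-// older GTE CyberTrust Root from its trusted root store.
-//
-// The issue is caused by servers supplying the cross-certified intermediate
-// (necessary for certain mobile platforms), which OS X does not recognize
-// as already existing within its trust store.
-TEST_F(CertVerifyProcTest, DISABLED_CybertrustGTERoot) {
- CertificateList certs = CreateCertificateListFromFile(
- GetTestCertsDirectory(),
- "cybertrust_omniroot_chain.pem",
- X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
- ASSERT_EQ(2U, certs.size());
-
- X509Certificate::OSCertHandles intermediates;
- intermediates.push_back(certs[1]->os_cert_handle());
-
- scoped_refptr<X509Certificate> cybertrust_basic =
- X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
- intermediates);
- ASSERT_TRUE(cybertrust_basic.get());
-
- scoped_refptr<X509Certificate> baltimore_root =
- ImportCertFromFile(GetTestCertsDirectory(),
- "cybertrust_baltimore_root.pem");
- ASSERT_TRUE(baltimore_root.get());
-
- ScopedTestRoot scoped_root(baltimore_root.get());
-
- // Ensure that ONLY the Baltimore CyberTrust Root is trusted. This
- // simulates Keychain removing support for the GTE CyberTrust Root.
- TestRootCerts::GetInstance()->SetAllowSystemTrust(false);
- base::ScopedClosureRunner reset_system_trust(
- base::Bind(&TestRootCerts::SetAllowSystemTrust,
- base::Unretained(TestRootCerts::GetInstance()),
- true));
-
- // First, make sure a simple certificate chain from
- // EE -> Public SureServer SV -> Baltimore CyberTrust
- // works. Only the first two certificates are included in the chain.
- int flags = 0;
- CertVerifyResult verify_result;
- int error = Verify(cybertrust_basic.get(),
- "cacert.omniroot.com",
- flags,
- NULL,
- empty_cert_list_,
- &verify_result);
- EXPECT_EQ(OK, error);
- EXPECT_EQ(CERT_STATUS_SHA1_SIGNATURE_PRESENT, verify_result.cert_status);
-
- // Attempt to verify with the first known cross-certified intermediate
- // provided.
- scoped_refptr<X509Certificate> baltimore_intermediate_1 =
- ImportCertFromFile(GetTestCertsDirectory(),
- "cybertrust_baltimore_cross_certified_1.pem");
- ASSERT_TRUE(baltimore_intermediate_1.get());
-
- X509Certificate::OSCertHandles intermediate_chain_1 =
- cybertrust_basic->GetIntermediateCertificates();
- intermediate_chain_1.push_back(baltimore_intermediate_1->os_cert_handle());
-
- scoped_refptr<X509Certificate> baltimore_chain_1 =
- X509Certificate::CreateFromHandle(cybertrust_basic->os_cert_handle(),
- intermediate_chain_1);
- error = Verify(baltimore_chain_1.get(),
- "cacert.omniroot.com",
- flags,
- NULL,
- empty_cert_list_,
- &verify_result);
- EXPECT_EQ(OK, error);
- EXPECT_EQ(CERT_STATUS_SHA1_SIGNATURE_PRESENT, verify_result.cert_status);
-
- // Attempt to verify with the second known cross-certified intermediate
- // provided.
- scoped_refptr<X509Certificate> baltimore_intermediate_2 =
- ImportCertFromFile(GetTestCertsDirectory(),
- "cybertrust_baltimore_cross_certified_2.pem");
- ASSERT_TRUE(baltimore_intermediate_2.get());
-
- X509Certificate::OSCertHandles intermediate_chain_2 =
- cybertrust_basic->GetIntermediateCertificates();
- intermediate_chain_2.push_back(baltimore_intermediate_2->os_cert_handle());
-
- scoped_refptr<X509Certificate> baltimore_chain_2 =
- X509Certificate::CreateFromHandle(cybertrust_basic->os_cert_handle(),
- intermediate_chain_2);
- error = Verify(baltimore_chain_2.get(),
- "cacert.omniroot.com",
- flags,
- NULL,
- empty_cert_list_,
- &verify_result);
- EXPECT_EQ(OK, error);
- EXPECT_EQ(CERT_STATUS_SHA1_SIGNATURE_PRESENT, verify_result.cert_status);
-
- // Attempt to verify when both a cross-certified intermediate AND
- // the legacy GTE root are provided.
- scoped_refptr<X509Certificate> cybertrust_root =
- ImportCertFromFile(GetTestCertsDirectory(),
- "cybertrust_gte_root.pem");
- ASSERT_TRUE(cybertrust_root.get());
-
- intermediate_chain_2.push_back(cybertrust_root->os_cert_handle());
- scoped_refptr<X509Certificate> baltimore_chain_with_root =
- X509Certificate::CreateFromHandle(cybertrust_basic->os_cert_handle(),
- intermediate_chain_2);
- error = Verify(baltimore_chain_with_root.get(),
- "cacert.omniroot.com",
- flags,
- NULL,
- empty_cert_list_,
- &verify_result);
- EXPECT_EQ(OK, error);
- EXPECT_EQ(CERT_STATUS_SHA1_SIGNATURE_PRESENT, verify_result.cert_status);
-
- TestRootCerts::GetInstance()->Clear();
- EXPECT_TRUE(TestRootCerts::GetInstance()->IsEmpty());
-}
-#endif
-
 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) || \
 defined(OS_MACOSX)
 // Test that CRLSets are effective in making a certificate appear to be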