Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 1871043003: Fixing BoringSSL on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Adding simulator fix. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc_ios.cc ('K') | « net/cert/cert_verify_proc_ios.cc ('k') | net/net.gyp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 #endif 96 #endif
97 return true; 97 return true;
98 } 98 }
99 99
100 bool SupportsDetectingKnownRoots() { 100 bool SupportsDetectingKnownRoots() {
101 #if defined(OS_ANDROID) 101 #if defined(OS_ANDROID)
102 // Before API level 17, Android does not expose the APIs necessary to get at 102 // Before API level 17, Android does not expose the APIs necessary to get at
103 // the verified certificate chain and detect known roots. 103 // the verified certificate chain and detect known roots.
104 if (base::android::BuildInfo::GetInstance()->sdk_int() < 17) 104 if (base::android::BuildInfo::GetInstance()->sdk_int() < 17)
105 return false; 105 return false;
106 #elif defined(OS_IOS) && defined(USE_OPENSSL)
107 // iOS does not expose the APIs necessary to get the known system roots.
108 return false;
106 #endif 109 #endif
107 return true; 110 return true;
108 } 111 }
109 112
110 // Template helper to load a series of certificate files into a CertificateList. 113 // Template helper to load a series of certificate files into a CertificateList.
111 // Like CertTestUtil's CreateCertificateListFromFile, except it can load a 114 // Like CertTestUtil's CreateCertificateListFromFile, except it can load a
112 // series of individual certificates (to make the tests clearer). 115 // series of individual certificates (to make the tests clearer).
113 template <size_t N> 116 template <size_t N>
114 void LoadCertificateFiles(const char* const (&cert_files)[N], 117 void LoadCertificateFiles(const char* const (&cert_files)[N],
115 CertificateList* certs) { 118 CertificateList* certs) {
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after
216 int flags = 0; 219 int flags = 0;
217 CertVerifyResult verify_result; 220 CertVerifyResult verify_result;
218 int error = Verify(paypal_null_cert.get(), 221 int error = Verify(paypal_null_cert.get(),
219 "www.paypal.com", 222 "www.paypal.com",
220 flags, 223 flags,
221 NULL, 224 NULL,
222 empty_cert_list_, 225 empty_cert_list_,
223 &verify_result); 226 &verify_result);
224 #if defined(USE_NSS_VERIFIER) || defined(OS_ANDROID) 227 #if defined(USE_NSS_VERIFIER) || defined(OS_ANDROID)
225 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); 228 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
229 #elif defined(OS_IOS)
230 // iOS returns a ERR_CERT_INVALID error on the real device, while returning
231 // a ERR_CERT_AUTHORITY_INVALID on the simulator.
232 EXPECT_NE(OK, error);
233 EXPECT_TRUE(verify_result.cert_status &
234 (CERT_STATUS_AUTHORITY_INVALID | CERT_STATUS_INVALID));
226 #else 235 #else
227 // TOOD(bulach): investigate why macosx and win aren't returning 236 // TOOD(bulach): investigate why macosx and win aren't returning
228 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. 237 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
229 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); 238 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
230 #endif 239 #endif
231 // Either the system crypto library should correctly report a certificate 240 // Either the system crypto library should correctly report a certificate
232 // name mismatch, or our certificate blacklist should cause us to report an 241 // name mismatch, or our certificate blacklist should cause us to report an
233 // invalid certificate. 242 // invalid certificate.
234 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) 243 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN)
235 EXPECT_TRUE(verify_result.cert_status & 244 EXPECT_TRUE(verify_result.cert_status &
(...skipping 860 matching lines...) Expand 10 before | Expand all | Expand 10 after
1096 int flags = 0; 1105 int flags = 0;
1097 CertVerifyResult verify_result; 1106 CertVerifyResult verify_result;
1098 int error = Verify( 1107 int error = Verify(
1099 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); 1108 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result);
1100 EXPECT_EQ(OK, error); 1109 EXPECT_EQ(OK, error);
1101 EXPECT_EQ(0U, verify_result.cert_status); 1110 EXPECT_EQ(0U, verify_result.cert_status);
1102 // But should not be marked as a known root. 1111 // But should not be marked as a known root.
1103 EXPECT_FALSE(verify_result.is_issued_by_known_root); 1112 EXPECT_FALSE(verify_result.is_issued_by_known_root);
1104 } 1113 }
1105 1114
1106 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) || \ 1115 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) || \
1107 defined(OS_MACOSX) 1116 (defined(OS_MACOSX) && !defined(OS_IOS))
1108 // Test that CRLSets are effective in making a certificate appear to be 1117 // Test that CRLSets are effective in making a certificate appear to be
1109 // revoked. 1118 // revoked.
1110 TEST_F(CertVerifyProcTest, CRLSet) { 1119 TEST_F(CertVerifyProcTest, CRLSet) {
1111 CertificateList ca_cert_list = 1120 CertificateList ca_cert_list =
1112 CreateCertificateListFromFile(GetTestCertsDirectory(), 1121 CreateCertificateListFromFile(GetTestCertsDirectory(),
1113 "root_ca_cert.pem", 1122 "root_ca_cert.pem",
1114 X509Certificate::FORMAT_AUTO); 1123 X509Certificate::FORMAT_AUTO);
1115 ASSERT_EQ(1U, ca_cert_list.size()); 1124 ASSERT_EQ(1U, ca_cert_list.size());
1116 ScopedTestRoot test_root(ca_cert_list[0].get()); 1125 ScopedTestRoot test_root(ca_cert_list[0].get());
1117 1126
(...skipping 554 matching lines...) Expand 10 before | Expand all | Expand 10 after
1672 int flags = 0; 1681 int flags = 0;
1673 CertVerifyResult verify_result; 1682 CertVerifyResult verify_result;
1674 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, 1683 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
1675 &verify_result); 1684 &verify_result);
1676 EXPECT_EQ(ERR_CERT_INVALID, error); 1685 EXPECT_EQ(ERR_CERT_INVALID, error);
1677 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); 1686 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);
1678 } 1687 }
1679 #endif // defined(OS_MACOSX) && !defined(OS_IOS) 1688 #endif // defined(OS_MACOSX) && !defined(OS_IOS)
1680 1689
1681 } // namespace net 1690 } // namespace net
OLDNEW
« net/cert/cert_verify_proc_ios.cc ('K') | « net/cert/cert_verify_proc_ios.cc ('k') | net/net.gyp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698