Chromium Code Reviews Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
| 6 #include "build/build_config.h" | 6 #include "build/build_config.h" |
| 7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
| 8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
| 9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
| 10 #include "net/cert/cert_verify_proc.h" | 10 #include "net/cert/cert_verify_proc.h" |
| 11 #include "net/cert/cert_verify_result.h" | 11 #include "net/cert/cert_verify_result.h" |
| 12 #include "net/cert/test_root_certs.h" | 12 #include "net/cert/test_root_certs.h" |
| 13 #include "net/cert/x509_certificate.h" | 13 #include "net/cert/x509_certificate.h" |
| 14 #include "net/test/cert_test_util.h" | 14 #include "net/test/cert_test_util.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
| 16 | 16 |
| 17 #if defined(USE_NSS_VERIFIER) | 17 #if defined(USE_NSS_CERTS) |
| 18 #include <nss.h> | 18 #include <nss.h> |
| 19 #endif | 19 #endif |
| 20 | 20 |
| 21 namespace net { | 21 namespace net { |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 | 24 |
| 25 // The local test root certificate. | 25 // The local test root certificate. |
| 26 const char kRootCertificateFile[] = "root_ca_cert.pem"; | 26 const char kRootCertificateFile[] = "root_ca_cert.pem"; |
| 27 // A certificate issued by the local test root for 127.0.0.1. | 27 // A certificate issued by the local test root for 127.0.0.1. |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 61 test_roots->Clear(); | 61 test_roots->Clear(); |
| 62 EXPECT_TRUE(test_roots->IsEmpty()); | 62 EXPECT_TRUE(test_roots->IsEmpty()); |
| 63 } | 63 } |
| 64 | 64 |
| 65 // Test that TestRootCerts actually adds the appropriate trust status flags | 65 // Test that TestRootCerts actually adds the appropriate trust status flags |
| 66 // when requested, and that the trusted status is cleared once the root is | 66 // when requested, and that the trusted status is cleared once the root is |
| 67 // removed the TestRootCerts. This test acts as a canary/sanity check for | 67 // removed the TestRootCerts. This test acts as a canary/sanity check for |
| 68 // the results of the rest of net_unittests, ensuring that the trust status | 68 // the results of the rest of net_unittests, ensuring that the trust status |
| 69 // is properly being set and cleared. | 69 // is properly being set and cleared. |
| 70 TEST(TestRootCertsTest, OverrideTrust) { | 70 TEST(TestRootCertsTest, OverrideTrust) { |
| 71 #if defined(USE_NSS_VERIFIER) | |
|
davidben
2016/04/18 19:36:45
I think this is still needed, unless we're finally
svaldez
2016/04/18 20:21:39
Done.
| |
| 72 if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) { | |
| 73 // See http://bugzil.la/863947 for details | |
| 74 LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15"; | |
| 75 return; | |
| 76 } | |
| 77 #endif | |
| 78 | |
| 79 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | 71 TestRootCerts* test_roots = TestRootCerts::GetInstance(); |
| 80 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | 72 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); |
| 81 EXPECT_TRUE(test_roots->IsEmpty()); | 73 EXPECT_TRUE(test_roots->IsEmpty()); |
| 82 | 74 |
| 83 scoped_refptr<X509Certificate> test_cert = | 75 scoped_refptr<X509Certificate> test_cert = |
| 84 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile); | 76 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile); |
| 85 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); | 77 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
| 86 | 78 |
| 87 // Test that the good certificate fails verification, because the root | 79 // Test that the good certificate fails verification, because the root |
| 88 // certificate should not yet be trusted. | 80 // certificate should not yet be trusted. |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 158 EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle())); | 150 EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle())); |
| 159 EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle())); | 151 EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle())); |
| 160 } | 152 } |
| 161 #endif | 153 #endif |
| 162 | 154 |
| 163 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that | 155 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that |
| 164 // TestRootCerts properly injects itself into the validation process. See | 156 // TestRootCerts properly injects itself into the validation process. See |
| 165 // http://crbug.com/63958 | 157 // http://crbug.com/63958 |
| 166 | 158 |
| 167 } // namespace net | 159 } // namespace net |
| OLD | NEW |
