| Index: net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
|
| diff --git a/net/data/verify_certificate_chain_unittest/generate-intermediary-signed-with-md5.py b/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
|
| similarity index 59%
|
| copy from net/data/verify_certificate_chain_unittest/generate-intermediary-signed-with-md5.py
|
| copy to net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
|
| index 8a59e6516d8d3038fef8a118614122ecc2405fe3..355f61e47aa96edf59be5fc4ce7019164d469ff9 100755
|
| --- a/net/data/verify_certificate_chain_unittest/generate-intermediary-signed-with-md5.py
|
| +++ b/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
|
| @@ -3,18 +3,19 @@
|
| # Use of this source code is governed by a BSD-style license that can be
|
| # found in the LICENSE file.
|
|
|
| -"""Certificate chain with 1 intermediary and a trusted root. The intermediary
|
| -however is signed using the MD5 hash. Verification is expected to fail because
|
| -MD5 is too weak."""
|
| +"""Certificate chain with 1 intermediary and a trusted root. The trusted root
|
| +is NOT self signed, however its issuer is not included in the chain or root
|
| +store. Verification is expected to succeed since the root is trusted."""
|
|
|
| import common
|
|
|
| -# Self-signed root certificate (part of trust store).
|
| -root = common.create_self_signed_root_certificate('Root')
|
| +shadow_root = common.create_self_signed_root_certificate('ShadowRoot')
|
|
|
| -# Intermediary.
|
| +# Non-self-signed root (part of trust store).
|
| +root = common.create_intermediary_certificate('Root', shadow_root)
|
| +
|
| +# Intermediary certificate.
|
| intermediary = common.create_intermediary_certificate('Intermediary', root)
|
| -intermediary.set_signature_hash('md5')
|
|
|
| # Target certificate.
|
| target = common.create_end_entity_certificate('Target', intermediary)
|
| @@ -22,6 +23,6 @@ target = common.create_end_entity_certificate('Target', intermediary)
|
| chain = [target, intermediary]
|
| trusted = [root]
|
| time = common.DEFAULT_TIME
|
| -verify_result = False
|
| +verify_result = True
|
|
|
| common.write_test_file(__doc__, chain, trusted, time, verify_result)
|
|
|
Chromium Code Reviews
Issue 1890193003:
Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master