OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 995 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1006 | 1006 |
1007 // Verification should pass. | 1007 // Verification should pass. |
1008 int flags = 0; | 1008 int flags = 0; |
1009 CertVerifyResult verify_result; | 1009 CertVerifyResult verify_result; |
1010 int error = Verify( | 1010 int error = Verify( |
1011 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); | 1011 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); |
1012 EXPECT_EQ(OK, error); | 1012 EXPECT_EQ(OK, error); |
1013 EXPECT_EQ(0U, verify_result.cert_status); | 1013 EXPECT_EQ(0U, verify_result.cert_status); |
1014 // But should not be marked as a known root. | 1014 // But should not be marked as a known root. |
1015 EXPECT_FALSE(verify_result.is_issued_by_known_root); | 1015 EXPECT_FALSE(verify_result.is_issued_by_known_root); |
1016 | |
1017 root_certs->Clear(); | |
wtc
2014/03/25 16:00:19
Please add a comment to note why it is necessary t
haavardm
2014/03/25 17:18:03
This call is done like this many places (basically
wtc
2014/03/25 22:24:13
I see. If you think adding a comment for all of th
| |
1018 EXPECT_TRUE(root_certs->IsEmpty()); | |
1016 } | 1019 } |
1017 | 1020 |
1018 #if defined(OS_MACOSX) && !defined(OS_IOS) | 1021 #if defined(OS_MACOSX) && !defined(OS_IOS) |
1019 // Tests that, on OS X, issues with a cross-certified Baltimore CyberTrust | 1022 // Tests that, on OS X, issues with a cross-certified Baltimore CyberTrust |
1020 // Root can be successfully worked around once Apple completes removing the | 1023 // Root can be successfully worked around once Apple completes removing the |
1021 // older GTE CyberTrust Root from its trusted root store. | 1024 // older GTE CyberTrust Root from its trusted root store. |
1022 // | 1025 // |
1023 // The issue is caused by servers supplying the cross-certified intermediate | 1026 // The issue is caused by servers supplying the cross-certified intermediate |
1024 // (necessary for certain mobile platforms), which OS X does not recognize | 1027 // (necessary for certain mobile platforms), which OS X does not recognize |
1025 // as already existing within its trust store. | 1028 // as already existing within its trust store. |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1126 intermediate_chain_2); | 1129 intermediate_chain_2); |
1127 error = Verify(baltimore_chain_with_root.get(), | 1130 error = Verify(baltimore_chain_with_root.get(), |
1128 "cacert.omniroot.com", | 1131 "cacert.omniroot.com", |
1129 flags, | 1132 flags, |
1130 NULL, | 1133 NULL, |
1131 empty_cert_list_, | 1134 empty_cert_list_, |
1132 &verify_result); | 1135 &verify_result); |
1133 EXPECT_EQ(OK, error); | 1136 EXPECT_EQ(OK, error); |
1134 EXPECT_EQ(0U, verify_result.cert_status); | 1137 EXPECT_EQ(0U, verify_result.cert_status); |
1135 | 1138 |
1139 TestRootCerts::GetInstance()->Clear(); | |
1140 EXPECT_TRUE(TestRootCerts::GetInstance()->IsEmpty()); | |
1136 } | 1141 } |
1137 #endif | 1142 #endif |
1138 | 1143 |
1139 #if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX) | 1144 #if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX) |
1140 static const uint8 kCRLSetLeafSPKIBlocked[] = { | 1145 static const uint8 kCRLSetLeafSPKIBlocked[] = { |
1141 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, | 1146 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, |
1142 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, | 1147 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, |
1143 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, | 1148 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, |
1144 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, | 1149 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, |
1145 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, | 1150 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, |
(...skipping 447 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1593 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); | 1598 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); |
1594 } | 1599 } |
1595 } | 1600 } |
1596 | 1601 |
1597 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1602 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1598 VerifyName, | 1603 VerifyName, |
1599 CertVerifyProcNameTest, | 1604 CertVerifyProcNameTest, |
1600 testing::ValuesIn(kVerifyNameData)); | 1605 testing::ValuesIn(kVerifyNameData)); |
1601 | 1606 |
1602 } // namespace net | 1607 } // namespace net |
OLD | NEW |