| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index 057900a9c7b392bc2ae4c5f47f7051a813d7700a..31657cb3d4407ea3836fff75080075de4ad9a174 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -9052,7 +9052,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
|
| };
|
|
|
| static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() {
|
| -#if defined(OS_WIN)
|
| +#if defined(OS_WIN) || defined(OS_MACOSX)
|
| // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't
|
| // have that ability on other platforms.
|
| return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
|
| @@ -9093,6 +9093,19 @@ static bool SystemUsesChromiumEVMetadata() {
|
| #endif
|
| }
|
|
|
| +// Returns the expected CertStatus for tests that expect an online revocation
|
| +// check failure as a result of checking a test EV cert, which will not
|
| +// actually trigger an online revocation check on some platforms.
|
| +static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() {
|
| + if (SystemUsesChromiumEVMetadata()) {
|
| + return ExpectedCertStatusForFailedOnlineRevocationCheck();
|
| + } else {
|
| + // If SystemUsesChromiumEVMetadata is false, revocation checking will not
|
| + // be enabled, and thus there will not be a revocation check to fail.
|
| + return 0u;
|
| + }
|
| +}
|
| +
|
| static bool SystemSupportsOCSP() {
|
| #if defined(OS_ANDROID)
|
| // TODO(jnd): http://crbug.com/117478 - EV verification is not yet supported.
|
| @@ -9144,10 +9157,7 @@ TEST_F(HTTPSOCSPTest, Revoked) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| -#if !(defined(OS_MACOSX) && !defined(OS_IOS))
|
| - // Doesn't pass on OS X yet for reasons that need to be investigated.
|
| EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
|
| -#endif
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
|
| }
|
| @@ -9654,7 +9664,7 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| @@ -9728,7 +9738,7 @@ TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| @@ -9781,7 +9791,7 @@ TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) {
|
| // Even with a fresh CRLSet, we should still do online revocation checks when
|
| // the certificate chain isn't covered by the CRLSet, which it isn't in this
|
| // test.
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
|
|
Chromium Code Reviews
Issue 2101303005:
CertVerifyProcMac: Add Keychain re-ordering hack, check CRLsets in path pruning loop. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master