Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py

Issue 2225493003: Don't treat trust anchors as certificates during path building. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: address moar feedback Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-expired-root.py ('k') | net/data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/python 1 #!/usr/bin/python
2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """Certificate chain with 2 intermediates and one end entity certificate. The 6 """Certificate chain with 2 intermediates and one end entity certificate. The
7 root certificate has a pathlen:1 restriction so this is an invalid chain.""" 7 root certificate has a pathlen:1 restriction. Ordinarily this would be an
8 invalid chain, however constraints on trust anchors are not validated."""
8 9
9 import common 10 import common
10 11
11 # Self-signed root certificate (part of trust store). 12 # Self-signed root certificate (part of trust store).
12 root = common.create_self_signed_root_certificate('Root') 13 root = common.create_self_signed_root_certificate('Root')
13 root.get_extensions().set_property('basicConstraints', 14 root.get_extensions().set_property('basicConstraints',
14 'critical,CA:true,pathlen:1') 15 'critical,CA:true,pathlen:1')
15 16
16 # Intermediate 1 (no pathlen restriction). 17 # Intermediate 1 (no pathlen restriction).
17 intermediate1 = common.create_intermediate_certificate('Intermediate1', root) 18 intermediate1 = common.create_intermediate_certificate('Intermediate1', root)
18 19
19 # Intermediate 2 (no pathlen restriction). 20 # Intermediate 2 (no pathlen restriction).
20 intermediate2 = common.create_intermediate_certificate('Intermediate2', 21 intermediate2 = common.create_intermediate_certificate('Intermediate2',
21 intermediate1) 22 intermediate1)
22 23
23 # Target certificate. 24 # Target certificate.
24 target = common.create_end_entity_certificate('Target', intermediate2) 25 target = common.create_end_entity_certificate('Target', intermediate2)
25 26
26 chain = [target, intermediate2, intermediate1] 27 chain = [target, intermediate2, intermediate1]
27 trusted = [root] 28 trusted = [root]
28 time = common.DEFAULT_TIME 29 time = common.DEFAULT_TIME
29 verify_result = False 30 verify_result = True
30 31
31 common.write_test_file(__doc__, chain, trusted, time, verify_result) 32 common.write_test_file(__doc__, chain, trusted, time, verify_result)
OLDNEW
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-expired-root.py ('k') | net/data/verify_certificate_chain_unittest/violates-pathlen-1-root.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698