net/cert/internal/verify_certificate_chain_pkits_unittest.cc - Issue 2225493003: Don't treat trust anchors as certificates during path building.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2225493003: Don't treat trust anchors as certificates during path building. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Replace TODO(eroman) with TODO(crbug.com/635200) Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/internal/trust_store.cc ('K') | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_typed_unittest.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

diff --git a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc

index 33a11562ad1be4593e1c78cfd488b937bb564ea2..5055a8a240f86ad32fd7a40bf1a859502506c0f2 100644

--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc

+++ b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc

@@ -53,7 +53,7 @@ class VerifyCertificateChainPkitsTestDelegate {

return false;

}

- // PKITS lists chains from trust anchor to target, VerifyCertificateChain

+ // PKITS lists chains from trust anchor to target, VerifyCertificateChainXXX

mattm 2016/08/09 00:59:21 ?

eroman 2016/08/09 01:37:20 Fixed (Left over note, thanks for spotting).

// takes them starting with the target and not including the trust anchor.

std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;

for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) {

@@ -66,16 +66,17 @@ class VerifyCertificateChainPkitsTestDelegate {

}

- TrustStore trust_store;

- trust_store.AddTrustedCertificate(input_chain.back());

+ auto trust_anchor =

+ TrustAnchor::CreateFromCertificateNoConstraints(input_chain.back());

+ input_chain.pop_back();

SimpleSignaturePolicy signature_policy(1024);

// Run all tests at the time the PKITS was published.

der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};

- return VerifyCertificateChainAssumingTrustedRoot(input_chain, trust_store,

- &signature_policy, time);

+ return VerifyCertificateChain(input_chain, trust_anchor.get(),

+ &signature_policy, time);

}

};