| Index: net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py
|
| diff --git a/net/data/verify_certificate_chain_unittest/generate-expired-root.py b/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py
|
| similarity index 83%
|
| copy from net/data/verify_certificate_chain_unittest/generate-expired-root.py
|
| copy to net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py
|
| index 12115a1828e7420b400f81f463ba473a23f67fe0..9abbe9d63728f044fb6911a7745a9aeb18b64984 100755
|
| --- a/net/data/verify_certificate_chain_unittest/generate-expired-root.py
|
| +++ b/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py
|
| @@ -4,8 +4,9 @@
|
| # found in the LICENSE file.
|
|
|
| """Certificate chain with 1 intermediate, where the root certificate is expired
|
| -(violates validity.notAfter). Verification is expected to succeed as
|
| -constraints on trust anchors are not enforced.."""
|
| +(violates validity.notAfter). Verification is expected to succeed even though
|
| +the trust anchor is initialized with anchor constraints, since validity is
|
| +not enforced."""
|
|
|
| import common
|
|
|
| @@ -23,11 +24,10 @@ target = common.create_end_entity_certificate('Target', intermediate)
|
| target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
|
|
|
| chain = [target, intermediate]
|
| -trusted = common.TrustAnchor(root, constrained=False)
|
| +trusted = common.TrustAnchor(root, constrained=True)
|
|
|
| # Both the target and intermediate are valid at this time, however the
|
| -# root is not. This doesn't matter since the root certificate is
|
| -# just a delivery mechanism for the name + SPKI.
|
| +# root is not.
|
| time = common.MARCH_2_2015_UTC
|
| verify_result = True
|
|
|
|
|
Chromium Code Reviews
Issue 2245643004:
Support trust anchor constraints, by specifying them as a certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master