| Index: net/cert/cert_verify_proc_unittest.cc
|
| diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
|
| index a53d10a0845c710cbedc87c898f0a884729dd862..3286c77ee0280ef3b25b23c5535839c438ea2b0b 100644
|
| --- a/net/cert/cert_verify_proc_unittest.cc
|
| +++ b/net/cert/cert_verify_proc_unittest.cc
|
| @@ -245,7 +245,6 @@ TEST_F(CertVerifyProcTest, MAYBE_IntermediateCARequireExplicitPolicy) {
|
| EXPECT_EQ(0u, verify_result.cert_status);
|
| }
|
|
|
| -
|
| // Test for bug 58437.
|
| // This certificate will expire on 2011-12-21. The test will still
|
| // pass if error == ERR_CERT_DATE_INVALID.
|
| @@ -1356,4 +1355,67 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| CertVerifyProcWeakDigestTest,
|
| testing::ValuesIn(kVerifyMixedTestData));
|
|
|
| +static const struct CertVerifyProcNameData {
|
| + const char* hostname;
|
| + bool valid;
|
| +} kVerifyNameData[] = {
|
| + { "127.0.0.1", false }, // Don't match the common name
|
| + { "127.0.0.2", true }, // Matches the iPAddress SAN (IPv4)
|
| + { "FE80:0:0:0:0:0:0:1", true }, // Matches the iPAddress SAN (IPv6)
|
| + { "[FE80:0:0:0:0:0:0:1]", false }, // Should not match the iPAddress SAN
|
| + { "FE80::1", true }, // Compressed form matches the iPAddress SAN (IPv6)
|
| + { "::127.0.0.2", false }, // IPv6 mapped form should NOT match iPAddress SAN
|
| + { "test.example", true }, // Matches the dNSName SAN
|
| + { "test.example.", true }, // Matches the dNSName SAN (trailing . ignored)
|
| + { "www.test.example", false }, // Should not match the dNSName SAN
|
| + { "test..example", false }, // Should not match the dNSName SAN
|
| + { "test.example..", false }, // Should not match the dNSName SAN
|
| + { ".test.example.", false }, // Should not match the dNSName SAN
|
| + { ".test.example", false }, // Should not match the dNSName SAN
|
| +};
|
| +
|
| +// GTest 'magic' pretty-printer, so that if/when a test fails, it knows how
|
| +// to output the parameter that was passed. Without this, it will simply
|
| +// attempt to print out the first twenty bytes of the object, which depending
|
| +// on platform and alignment, may result in an invalid read.
|
| +void PrintTo(const CertVerifyProcNameData& data, std::ostream* os) {
|
| + *os << "Hostname: " << data.hostname << "; valid=" << data.valid;
|
| +}
|
| +
|
| +class CertVerifyProcNameTest
|
| + : public CertVerifyProcTest,
|
| + public testing::WithParamInterface<CertVerifyProcNameData> {
|
| + public:
|
| + CertVerifyProcNameTest() {}
|
| + virtual ~CertVerifyProcNameTest() {}
|
| +};
|
| +
|
| +TEST_P(CertVerifyProcNameTest, VerifyCertName) {
|
| + CertVerifyProcNameData data = GetParam();
|
| +
|
| + CertificateList cert_list = CreateCertificateListFromFile(
|
| + GetTestCertsDirectory(), "subjectAltName_sanity_check.pem",
|
| + X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1U, cert_list.size());
|
| + scoped_refptr<X509Certificate> cert(cert_list[0]);
|
| +
|
| + ScopedTestRoot scoped_root(cert.get());
|
| +
|
| + CertVerifyResult verify_result;
|
| + int error = Verify(cert.get(), data.hostname, 0, NULL, empty_cert_list_,
|
| + &verify_result);
|
| + if (data.valid) {
|
| + EXPECT_EQ(OK, error);
|
| + EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
|
| + } else {
|
| + EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
|
| + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
|
| + }
|
| +}
|
| +
|
| +WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| + VerifyName,
|
| + CertVerifyProcNameTest,
|
| + testing::ValuesIn(kVerifyNameData));
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 22893021:
Normalize certificate name verification across all platforms (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src