net/url_request/url_request_unittest.cc - Issue 23441005: net: mark cert as revoked if EV revocation check receives revoked response (Win).

Unified Diff: net/url_request/url_request_unittest.cc

Issue 23441005: net: mark cert as revoked if EV revocation check receives revoked response (Win). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: g try Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/url_request/url_request_unittest.cc

diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc

index 13462ff18bdbe5419af83f5d8e55a32adfe21e6d..3133ef6a50e07871eb24a91b306934e07615f5e7 100644

--- a/net/url_request/url_request_unittest.cc

+++ b/net/url_request/url_request_unittest.cc

@@ -5727,6 +5727,34 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) {

static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));

}

+TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndRevokedOCSP) {

+ if (!SystemSupportsOCSP()) {

+ LOG(WARNING) << "Skipping test because system doesn't support OCSP";

+ return;

+ }

+ SpawnedTestServer::SSLOptions ssl_options(

+ SpawnedTestServer::SSLOptions::CERT_AUTO);

+ ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED;

+ SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>());

+ CertStatus cert_status;

+ DoConnection(ssl_options, &cert_status);

+ // Currently only works for Windows. For NSS we request a hard-fail check for

+ // EV OCSP but then cannot tell whether the check failed because of a revoked

+ // response, or an OCSP failure.

Ryan Sleevi 2013/08/28 19:23:11 comment nit: ever trying to reduce the pronoun usa

wtc 2013/08/28 23:58:42 Perhaps for NSS we can first request a soft-fail c

agl 2013/08/29 16:46:59 Updated comment.

agl 2013/08/29 16:46:59 That means that we would be making two OCSP reques

+#if defined(OS_WIN)

+ EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);

+#else

+ EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);

+#endif

+ EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);

+ EXPECT_EQ(SystemUsesChromiumEVMetadata(),

+ static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));

TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndGoodOCSP) {

if (!SystemSupportsOCSP()) {

LOG(WARNING) << "Skipping test because system doesn't support OCSP";

« net/cert/cert_verify_proc_win.cc ('K') | « net/cert/cert_verify_proc_win.cc ('k') | no next file » | no next file with comments »