| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index fece0535e440c5cfb195723c2d0f4aaaefeac5d2..32d23a629fdd2f7d6b1e2c146a04d91a38ef468f 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -9006,7 +9006,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
|
| };
|
|
|
| static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() {
|
| -#if defined(OS_WIN)
|
| +#if defined(OS_WIN) || defined(OS_MACOSX)
|
| // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't
|
| // have that ability on other platforms.
|
| return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
|
| @@ -9047,6 +9047,19 @@ static bool SystemUsesChromiumEVMetadata() {
|
| #endif
|
| }
|
|
|
| +// Returns the expected CertStatus for tests that expect an online revocation
|
| +// check failure as a result of checking a test EV cert, which will not
|
| +// actually trigger an online revocation check on some platforms.
|
| +static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() {
|
| + if (SystemUsesChromiumEVMetadata()) {
|
| + return ExpectedCertStatusForFailedOnlineRevocationCheck();
|
| + } else {
|
| + // If SystemUsesChromiumEVMetadata is false, revocation checking will not
|
| + // be enabled, and thus there will not be a revocation check to fail.
|
| + return 0u;
|
| + }
|
| +}
|
| +
|
| static bool SystemSupportsOCSP() {
|
| #if defined(OS_ANDROID)
|
| // TODO(jnd): http://crbug.com/117478 - EV verification is not yet supported.
|
| @@ -9098,10 +9111,7 @@ TEST_F(HTTPSOCSPTest, Revoked) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| -#if !(defined(OS_MACOSX) && !defined(OS_IOS))
|
| - // Doesn't pass on OS X yet for reasons that need to be investigated.
|
| EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
|
| -#endif
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
|
| }
|
| @@ -9608,7 +9618,7 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| @@ -9682,7 +9692,7 @@ TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) {
|
| CertStatus cert_status;
|
| DoConnection(ssl_options, &cert_status);
|
|
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
| @@ -9735,7 +9745,7 @@ TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) {
|
| // Even with a fresh CRLSet, we should still do online revocation checks when
|
| // the certificate chain isn't covered by the CRLSet, which it isn't in this
|
| // test.
|
| - EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
|
| + EXPECT_EQ(ExpectedCertStatusForFailedOnlineEVRevocationCheck(),
|
| cert_status & CERT_STATUS_ALL_ERRORS);
|
|
|
| EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
|
|
|
Chromium Code Reviews
Issue 2362533002:
Try #2: CertVerifyProcMac: Add Keychain re-ordering hack, check CRLsets in path pruning loop. (Closed)
