Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(215)

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 2550333003: Update CertVerifyProcTest.LargeKey for Sierra (Mac OS 10.12) (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 1929 matching lines...) Expand 10 before | Expand all | Expand 10 after
1940 1940
1941 WRAPPED_INSTANTIATE_TEST_CASE_P( 1941 WRAPPED_INSTANTIATE_TEST_CASE_P(
1942 VerifyName, 1942 VerifyName,
1943 CertVerifyProcNameTest, 1943 CertVerifyProcNameTest,
1944 testing::ValuesIn(kVerifyNameData)); 1944 testing::ValuesIn(kVerifyNameData));
1945 1945
1946 #if defined(OS_MACOSX) && !defined(OS_IOS) 1946 #if defined(OS_MACOSX) && !defined(OS_IOS)
1947 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate 1947 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate
1948 // verifier rejects a certificate with a fatal error. This is a regression 1948 // verifier rejects a certificate with a fatal error. This is a regression
1949 // test for https://crbug.com/472291. 1949 // test for https://crbug.com/472291.
1950 // (Since 10.12, this causes a recoverable error instead of a fatal one.)
1951 // TODO(mattm): Try to find a different way to cause a fatal error that works
1952 // on 10.12.
davidben 2016/12/06 19:47:49 Perhaps a certificate with a garbage key type?
mattm 2016/12/06 20:42:45 Thanks for the suggestion. I'll give that a try on
1950 TEST_F(CertVerifyProcTest, LargeKey) { 1953 TEST_F(CertVerifyProcTest, LargeKey) {
1951 // Load root_ca_cert.pem into the test root store. 1954 // Load root_ca_cert.pem into the test root store.
1952 ScopedTestRoot test_root( 1955 ScopedTestRoot test_root(
1953 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem").get()); 1956 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem").get());
1954 1957
1955 scoped_refptr<X509Certificate> cert( 1958 scoped_refptr<X509Certificate> cert(
1956 ImportCertFromFile(GetTestCertsDirectory(), "large_key.pem")); 1959 ImportCertFromFile(GetTestCertsDirectory(), "large_key.pem"));
1957 1960
1958 // Apple's verifier rejects this certificate as invalid because the 1961 // Apple's verifier rejects this certificate as invalid because the
1959 // RSA key is too large. If a future version of OS X changes this, 1962 // RSA key is too large. If a future version of OS X changes this,
1960 // large_key.pem may need to be regenerated with a larger key. 1963 // large_key.pem may need to be regenerated with a larger key.
1961 int flags = 0; 1964 int flags = 0;
1962 CertVerifyResult verify_result; 1965 CertVerifyResult verify_result;
1963 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, 1966 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
1964 &verify_result); 1967 &verify_result);
1965 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); 1968 EXPECT_THAT(error, IsError(ERR_CERT_INVALID));
1966 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); 1969 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
1967 } 1970 }
1968 #endif // defined(OS_MACOSX) && !defined(OS_IOS) 1971 #endif // defined(OS_MACOSX) && !defined(OS_IOS)
1969 1972
1970 // Tests that CertVerifyProc records a histogram correctly when a 1973 // Tests that CertVerifyProc records a histogram correctly when a
1971 // certificate chaining to a private root contains the TLS feature 1974 // certificate chaining to a private root contains the TLS feature
1972 // extension and does not have a stapled OCSP response. 1975 // extension and does not have a stapled OCSP response.
1973 TEST_F(CertVerifyProcTest, HasTLSFeatureExtensionUMA) { 1976 TEST_F(CertVerifyProcTest, HasTLSFeatureExtensionUMA) {
1974 base::HistogramTester histograms; 1977 base::HistogramTester histograms;
1975 scoped_refptr<X509Certificate> cert( 1978 scoped_refptr<X509Certificate> cert(
1976 ImportCertFromFile(GetTestCertsDirectory(), "tls_feature_extension.pem")); 1979 ImportCertFromFile(GetTestCertsDirectory(), "tls_feature_extension.pem"));
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
2062 int flags = 0; 2065 int flags = 0;
2063 CertVerifyResult verify_result; 2066 CertVerifyResult verify_result;
2064 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, 2067 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
2065 &verify_result); 2068 &verify_result);
2066 EXPECT_EQ(OK, error); 2069 EXPECT_EQ(OK, error);
2067 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); 2070 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0);
2068 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); 2071 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0);
2069 } 2072 }
2070 2073
2071 } // namespace net 2074 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698