| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 1929 matching lines...) | |
| 1940 | 1940 |
| 1941 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1941 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1942 VerifyName, | 1942 VerifyName, |
| 1943 CertVerifyProcNameTest, | 1943 CertVerifyProcNameTest, |
| 1944 testing::ValuesIn(kVerifyNameData)); | 1944 testing::ValuesIn(kVerifyNameData)); |
| 1945 | 1945 |
| 1946 #if defined(OS_MACOSX) && !defined(OS_IOS) | 1946 #if defined(OS_MACOSX) && !defined(OS_IOS) |
| 1947 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate | 1947 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate |
| 1948 // verifier rejects a certificate with a fatal error. This is a regression | 1948 // verifier rejects a certificate with a fatal error. This is a regression |
| 1949 // test for https://crbug.com/472291. | 1949 // test for https://crbug.com/472291. |
| 1950 // (Since 10.12, this causes a recoverable error instead of a fatal one.) | |
| 1951 // TODO(mattm): Try to find a different way to cause a fatal error that works | |
| 1952 // on 10.12. | |
|
davidben
2016/12/06 19:47:49
Perhaps a certificate with a garbage key type?
mattm
2016/12/06 20:42:45
Thanks for the suggestion. I'll give that a try on
| |
| 1950 TEST_F(CertVerifyProcTest, LargeKey) { | 1953 TEST_F(CertVerifyProcTest, LargeKey) { |
| 1951 // Load root_ca_cert.pem into the test root store. | 1954 // Load root_ca_cert.pem into the test root store. |
| 1952 ScopedTestRoot test_root( | 1955 ScopedTestRoot test_root( |
| 1953 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem").get()); | 1956 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem").get()); |
| 1954 | 1957 |
| 1955 scoped_refptr<X509Certificate> cert( | 1958 scoped_refptr<X509Certificate> cert( |
| 1956 ImportCertFromFile(GetTestCertsDirectory(), "large_key.pem")); | 1959 ImportCertFromFile(GetTestCertsDirectory(), "large_key.pem")); |
| 1957 | 1960 |
| 1958 // Apple's verifier rejects this certificate as invalid because the | 1961 // Apple's verifier rejects this certificate as invalid because the |
| 1959 // RSA key is too large. If a future version of OS X changes this, | 1962 // RSA key is too large. If a future version of OS X changes this, |
| 1960 // large_key.pem may need to be regenerated with a larger key. | 1963 // large_key.pem may need to be regenerated with a larger key. |
| 1961 int flags = 0; | 1964 int flags = 0; |
| 1962 CertVerifyResult verify_result; | 1965 CertVerifyResult verify_result; |
| 1963 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1966 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 1964 &verify_result); | 1967 &verify_result); |
| 1965 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); | 1968 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); |
| 1966 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1969 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); |
| 1967 } | 1970 } |
| 1968 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1971 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
| 1969 | 1972 |
| 1970 // Tests that CertVerifyProc records a histogram correctly when a | 1973 // Tests that CertVerifyProc records a histogram correctly when a |
| 1971 // certificate chaining to a private root contains the TLS feature | 1974 // certificate chaining to a private root contains the TLS feature |
| 1972 // extension and does not have a stapled OCSP response. | 1975 // extension and does not have a stapled OCSP response. |
| 1973 TEST_F(CertVerifyProcTest, HasTLSFeatureExtensionUMA) { | 1976 TEST_F(CertVerifyProcTest, HasTLSFeatureExtensionUMA) { |
| 1974 base::HistogramTester histograms; | 1977 base::HistogramTester histograms; |
| 1975 scoped_refptr<X509Certificate> cert( | 1978 scoped_refptr<X509Certificate> cert( |
| 1976 ImportCertFromFile(GetTestCertsDirectory(), "tls_feature_extension.pem")); | 1979 ImportCertFromFile(GetTestCertsDirectory(), "tls_feature_extension.pem")); |
| (...skipping 85 matching lines...) | |
| 2062 int flags = 0; | 2065 int flags = 0; |
| 2063 CertVerifyResult verify_result; | 2066 CertVerifyResult verify_result; |
| 2064 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 2067 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 2065 &verify_result); | 2068 &verify_result); |
| 2066 EXPECT_EQ(OK, error); | 2069 EXPECT_EQ(OK, error); |
| 2067 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2070 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
| 2068 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2071 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
| 2069 } | 2072 } |
| 2070 | 2073 |
| 2071 } // namespace net | 2074 } // namespace net |
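Review bot: The relaxed assertion at new line 1969 in LargeKey, `EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID)`, passes whatever other status bits the verifier sets, so the test no longer pins what the recoverable-error path on 10.12 reports. The exact check, `EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);`, should stay in force on OS versions before 10.12, where the fatal-error path for crbug.com/472291 is presumably still reached. On 10.12 the extra bits that are expected should be asserted by name rather than ignored. If the mask form stays, `EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status & CERT_STATUS_INVALID);` is stylistically more consistent with the test's existing `EXPECT_EQ(OK, error)` comparisons, though it is only marginally more informative on failure — it would still not show the full `cert_status`. The new comment at lines 1950-1952 could also state what the test still guarantees on 10.12, for example `// On 10.12 this still checks that verification fails with ERR_CERT_INVALID.`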