Update CertVerifyProcTest.LargeKey for Sierra (Mac OS 10.12)

net/cert/cert_verify_proc_unittest.cc

Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 862f7c8690c9be6ef5cbc7bef97c145ca461084b..221368451081e64de0712ac6eeb582139cf59337 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -1947,6 +1947,9 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
 // Test that CertVerifyProcMac reacts appropriately when Apple's certificate
 // verifier rejects a certificate with a fatal error. This is a regression
 // test for https://crbug.com/472291.
+// (Since 10.12, this causes a recoverable error instead of a fatal one.)
+// TODO(mattm): Try to find a different way to cause a fatal error that works
+// on 10.12.

[davidben, 2016/12/06 19:47:49]

Perhaps a certificate with a garbage key type?

[mattm, 2016/12/06 20:42:45]

Thanks for the suggestion. I'll give that a try once I've finished with the
other sierra unittest issues.

 TEST_F(CertVerifyProcTest, LargeKey) {
   // Load root_ca_cert.pem into the test root store.
   ScopedTestRoot test_root(
@@ -1963,7 +1966,7 @@ TEST_F(CertVerifyProcTest, LargeKey) {
   int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
                      &verify_result);
   EXPECT_THAT(error, IsError(ERR_CERT_INVALID));
-  EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);
+  EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
 }
 #endif  // defined(OS_MACOSX) && !defined(OS_IOS)