Update CertVerifyProcTest.RejectWeakKeys for Sierra (Mac OS 10.12)

Update CertVerifyProcTest.RejectWeakKeys for Sierra (Mac OS 10.12)

Starting with Mac OS 10.12, weak keys result in a kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_INVALID_CERTIFICATE result code and CSSMERR_TP_INVALID_CERTIFICATE chain status codes. This results in a CERT_STATUS_INVALID result of VerifyInternal, but the os-independent ExaminePublicKeys function still adds CERT_STATUS_WEAK_KEY.
(Previously they were a kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_VERIFY_ACTION_FAILED result code and CSSMERR_CSP_UNSUPPORTED_KEY_SIZE chain status codes, so VerifyInternal could directly map that to CERT_STATUS_WEAK_KEY.)

BUG=629712
Committed: https://crrev.com/c74f2ca3e10529dc7a17eaa0bbcb0c1f8876029b
Cr-Commit-Position: refs/heads/master@{#436823}

[mattm, 2016-12-06 23:11:15]

The CQ bit was checked by mattm@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-06 23:12:11]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[mattm, 2016-12-06 23:15:16]

mattm@chromium.org changed reviewers:
+ davidben@chromium.org

[commit-bot: I haz the power, 2016-12-07 00:04:30]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-07 00:04:31]

Dry run: This issue passed the CQ dry run.

[davidben, 2016-12-07 01:12:45]

lgtm

What exactly is the point of having so complicated of a return type out of our
certificate verifiers if we keep having to change it all the time anyway...

[mattm, 2016-12-07 01:23:08]

The CQ bit was checked by mattm@chromium.org

[commit-bot: I haz the power, 2016-12-07 01:23:42]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-07 01:33:12]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1481073788164960, "parent_rev":
"ddfa1308c8f539fcb23f9277606b58bca1adacf5", "commit_rev":
"46a52b5dd3916f7da08a054ebdc8e8c171c606b8"}

[commit-bot: I haz the power, 2016-12-07 01:33:44]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-12-07 01:35:58]

Description was changed from

==========
Update CertVerifyProcTest.RejectWeakKeys for Sierra (Mac OS 10.12)

Starting with Mac OS 10.12, weak keys result in a
kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_INVALID_CERTIFICATE
result code and CSSMERR_TP_INVALID_CERTIFICATE chain status codes. This results
in a CERT_STATUS_INVALID result of VerifyInternal, but the os-independent
ExaminePublicKeys function still adds CERT_STATUS_WEAK_KEY.
(Previously they were a kSecTrustResultRecoverableTrustFailure with a
CSSMERR_TP_VERIFY_ACTION_FAILED result code and CSSMERR_CSP_UNSUPPORTED_KEY_SIZE
chain status codes, so VerifyInternal could directly map that to
CERT_STATUS_WEAK_KEY.)

BUG=629712
==========

to

==========
Update CertVerifyProcTest.RejectWeakKeys for Sierra (Mac OS 10.12)

Starting with Mac OS 10.12, weak keys result in a
kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_INVALID_CERTIFICATE
result code and CSSMERR_TP_INVALID_CERTIFICATE chain status codes. This results
in a CERT_STATUS_INVALID result of VerifyInternal, but the os-independent
ExaminePublicKeys function still adds CERT_STATUS_WEAK_KEY.
(Previously they were a kSecTrustResultRecoverableTrustFailure with a
CSSMERR_TP_VERIFY_ACTION_FAILED result code and CSSMERR_CSP_UNSUPPORTED_KEY_SIZE
chain status codes, so VerifyInternal could directly map that to
CERT_STATUS_WEAK_KEY.)

BUG=629712

Committed: https://crrev.com/c74f2ca3e10529dc7a17eaa0bbcb0c1f8876029b
Cr-Commit-Position: refs/heads/master@{#436823}
==========

[commit-bot: I haz the power, 2016-12-07 01:35:59]

Patchset 1 (id:??) landed as
https://crrev.com/c74f2ca3e10529dc7a17eaa0bbcb0c1f8876029b
Cr-Commit-Position: refs/heads/master@{#436823}