Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2201)

Unified Diff: net/cert/cert_verify_proc_unittest.cc

Issue 2772283004: De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)
Patch Set: fix win compile Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index fb6d5bbcc17e7e72bfe716d3c7b520be497cfa1b..c59c246f5fecc8736f38b0e039991d46be5ef28f 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -273,6 +273,14 @@ class CertVerifyProcInternalTest
verify_proc_type() == CERT_VERIFY_PROC_NSS;
}
+ bool SupportsEV() const {
+ // TODO(crbug.com/649017): CertVerifyProcBuiltin does not support EV.
+ // TODO(crbug.com/117478): Android and iOS do not support EV.
+ return verify_proc_type() == CERT_VERIFY_PROC_NSS ||
+ verify_proc_type() == CERT_VERIFY_PROC_WIN ||
+ verify_proc_type() == CERT_VERIFY_PROC_MAC;
+ }
+
CertVerifyProc* verify_proc() const { return verify_proc_.get(); }
private:
@@ -287,10 +295,7 @@ INSTANTIATE_TEST_CASE_P(,
// TODO(rsleevi): Reenable this test once comodo.chaim.pem is no longer
// expired, http://crbug.com/502818
TEST_P(CertVerifyProcInternalTest, DISABLED_EVVerification) {
- if (verify_proc_type() == CERT_VERIFY_PROC_ANDROID ||
- verify_proc_type() == CERT_VERIFY_PROC_OPENSSL) {
- // TODO(jnd): http://crbug.com/117478 - EV verification is not yet
- // supported.
+ if (!SupportsEV()) {
LOG(INFO) << "Skipping test as EV verification is not yet supported";
return;
}
@@ -310,6 +315,39 @@ TEST_P(CertVerifyProcInternalTest, DISABLED_EVVerification) {
EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
}
+// Tests that a certificate is recognized as EV, when the valid EV policy OID
+// for the trust anchor is the second candidate EV oid in the target
+// certificate. This is a regression test for crbug.com/705285.
+TEST_P(CertVerifyProcInternalTest, EVVerificationMultipleOID) {
+ if (!SupportsEV()) {
+ LOG(INFO) << "Skipping test as EV verification is not yet supported";
+ return;
+ }
+
+ // TODO(eroman): Update this test to use a synthetic certificate, so the test
+ // does not break in the future. The certificate chain in question expires on
+ // Dec 22 23:59:59 2018 GMT 2018, at which point this test will start failing.
+ if (base::Time::Now() >
+ base::Time::UnixEpoch() + base::TimeDelta::FromSeconds(1545523199)) {
+ FAIL() << "This test uses a certificate chain which is now expired. Please "
+ "disable and file a bug.";
+ return;
+ }
+
+ scoped_refptr<X509Certificate> chain = CreateCertificateChainFromFile(
+ GetTestCertsDirectory(), "trustcenter.websecurity.symantec.com.pem",
+ X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
+ ASSERT_TRUE(chain);
+
+ scoped_refptr<CRLSet> crl_set(CRLSet::ForTesting(false, NULL, ""));
+ CertVerifyResult verify_result;
+ int flags = CertVerifier::VERIFY_EV_CERT;
+ int error = Verify(chain.get(), "trustcenter.websecurity.symantec.com", flags,
+ crl_set.get(), CertificateList(), &verify_result);
+ EXPECT_THAT(error, IsOk());
+ EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
+}
+
// TODO(crbug.com/605457): the test expectation was incorrect on some
// configurations, so disable the test until it is fixed (better to have
// a bug to track a failing test than a false sense of security due to
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698