OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 1242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1253 error = Verify(leaf.get(), | 1253 error = Verify(leaf.get(), |
1254 "test.example.com", | 1254 "test.example.com", |
1255 flags, | 1255 flags, |
1256 crl_set.get(), | 1256 crl_set.get(), |
1257 empty_cert_list_, | 1257 empty_cert_list_, |
1258 &verify_result); | 1258 &verify_result); |
1259 EXPECT_EQ(ERR_CERT_REVOKED, error); | 1259 EXPECT_EQ(ERR_CERT_REVOKED, error); |
1260 } | 1260 } |
1261 #endif | 1261 #endif |
1262 | 1262 |
| 1263 enum ExpectedAlgorithms { |
| 1264 EXPECT_MD2 = 1 << 0, |
| 1265 EXPECT_MD4 = 1 << 1, |
| 1266 EXPECT_MD5 = 1 << 2, |
| 1267 EXPECT_SHA1 = 1 << 3 |
| 1268 }; |
| 1269 |
1263 struct WeakDigestTestData { | 1270 struct WeakDigestTestData { |
1264 const char* root_cert_filename; | 1271 const char* root_cert_filename; |
1265 const char* intermediate_cert_filename; | 1272 const char* intermediate_cert_filename; |
1266 const char* ee_cert_filename; | 1273 const char* ee_cert_filename; |
1267 bool expected_has_md5; | 1274 int expected_algorithms; |
1268 bool expected_has_md4; | |
1269 bool expected_has_md2; | |
1270 }; | 1275 }; |
1271 | 1276 |
1272 // GTest 'magic' pretty-printer, so that if/when a test fails, it knows how | 1277 // GTest 'magic' pretty-printer, so that if/when a test fails, it knows how |
1273 // to output the parameter that was passed. Without this, it will simply | 1278 // to output the parameter that was passed. Without this, it will simply |
1274 // attempt to print out the first twenty bytes of the object, which depending | 1279 // attempt to print out the first twenty bytes of the object, which depending |
1275 // on platform and alignment, may result in an invalid read. | 1280 // on platform and alignment, may result in an invalid read. |
1276 void PrintTo(const WeakDigestTestData& data, std::ostream* os) { | 1281 void PrintTo(const WeakDigestTestData& data, std::ostream* os) { |
1277 *os << "root: " | 1282 *os << "root: " |
1278 << (data.root_cert_filename ? data.root_cert_filename : "none") | 1283 << (data.root_cert_filename ? data.root_cert_filename : "none") |
1279 << "; intermediate: " << data.intermediate_cert_filename | 1284 << "; intermediate: " << data.intermediate_cert_filename |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1316 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain.get()); | 1321 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain.get()); |
1317 | 1322 |
1318 int flags = 0; | 1323 int flags = 0; |
1319 CertVerifyResult verify_result; | 1324 CertVerifyResult verify_result; |
1320 int rv = Verify(ee_chain.get(), | 1325 int rv = Verify(ee_chain.get(), |
1321 "127.0.0.1", | 1326 "127.0.0.1", |
1322 flags, | 1327 flags, |
1323 NULL, | 1328 NULL, |
1324 empty_cert_list_, | 1329 empty_cert_list_, |
1325 &verify_result); | 1330 &verify_result); |
1326 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); | 1331 EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD2), verify_result.has_md2); |
1327 EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); | 1332 EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD4), verify_result.has_md4); |
1328 EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); | 1333 EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD5), verify_result.has_md5); |
| 1334 EXPECT_EQ(!!(data.expected_algorithms & EXPECT_SHA1), verify_result.has_sha1); |
| 1335 |
1329 EXPECT_FALSE(verify_result.is_issued_by_additional_trust_anchor); | 1336 EXPECT_FALSE(verify_result.is_issued_by_additional_trust_anchor); |
1330 | 1337 |
1331 // Ensure that MD4 and MD2 are tagged as invalid. | 1338 // Ensure that MD4 and MD2 are tagged as invalid. |
1332 if (data.expected_has_md4 || data.expected_has_md2) { | 1339 if (data.expected_algorithms & (EXPECT_MD2 | EXPECT_MD4)) { |
1333 EXPECT_EQ(CERT_STATUS_INVALID, | 1340 EXPECT_EQ(CERT_STATUS_INVALID, |
1334 verify_result.cert_status & CERT_STATUS_INVALID); | 1341 verify_result.cert_status & CERT_STATUS_INVALID); |
1335 } | 1342 } |
1336 | 1343 |
1337 // Ensure that MD5 is flagged as weak. | 1344 // Ensure that MD5 is flagged as weak. |
1338 if (data.expected_has_md5) { | 1345 if (data.expected_algorithms & EXPECT_MD5) { |
1339 EXPECT_EQ( | 1346 EXPECT_EQ( |
1340 CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | 1347 CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, |
1341 verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); | 1348 verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); |
1342 } | 1349 } |
1343 | 1350 |
1344 // If a root cert is present, then check that the chain was rejected if any | 1351 // If a root cert is present, then check that the chain was rejected if any |
1345 // weak algorithms are present. This is only checked when a root cert is | 1352 // weak algorithms are present. This is only checked when a root cert is |
1346 // present because the error reported for incomplete chains with weak | 1353 // present because the error reported for incomplete chains with weak |
1347 // algorithms depends on which implementation was used to validate (NSS, | 1354 // algorithms depends on which implementation was used to validate (NSS, |
1348 // OpenSSL, CryptoAPI, Security.framework) and upon which weak algorithm | 1355 // OpenSSL, CryptoAPI, Security.framework) and upon which weak algorithm |
1349 // present (MD2, MD4, MD5). | 1356 // present (MD2, MD4, MD5). |
1350 if (data.root_cert_filename) { | 1357 if (data.root_cert_filename) { |
1351 if (data.expected_has_md4 || data.expected_has_md2) { | 1358 if (data.expected_algorithms & (EXPECT_MD2 | EXPECT_MD4)) { |
1352 EXPECT_EQ(ERR_CERT_INVALID, rv); | 1359 EXPECT_EQ(ERR_CERT_INVALID, rv); |
1353 } else if (data.expected_has_md5) { | 1360 } else if (data.expected_algorithms & EXPECT_MD5) { |
1354 EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv); | 1361 EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv); |
1355 } else { | 1362 } else { |
1356 EXPECT_EQ(OK, rv); | 1363 EXPECT_EQ(OK, rv); |
1357 } | 1364 } |
1358 } | 1365 } |
1359 } | 1366 } |
1360 | 1367 |
1361 // Unlike TEST/TEST_F, which are macros that expand to further macros, | 1368 // Unlike TEST/TEST_F, which are macros that expand to further macros, |
1362 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that | 1369 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that |
1363 // stringizes the arguments. As a result, macros passed as parameters (such as | 1370 // stringizes the arguments. As a result, macros passed as parameters (such as |
1364 // prefix or test_case_name) will not be expanded by the preprocessor. To work | 1371 // prefix or test_case_name) will not be expanded by the preprocessor. To work |
1365 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the | 1372 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the |
1366 // pre-processor will expand macros such as MAYBE_test_name before | 1373 // pre-processor will expand macros such as MAYBE_test_name before |
1367 // instantiating the test. | 1374 // instantiating the test. |
1368 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ | 1375 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ |
1369 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) | 1376 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) |
1370 | 1377 |
1371 // The signature algorithm of the root CA should not matter. | 1378 // The signature algorithm of the root CA should not matter. |
1372 const WeakDigestTestData kVerifyRootCATestData[] = { | 1379 const WeakDigestTestData kVerifyRootCATestData[] = { |
1373 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", | 1380 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", |
1374 "weak_digest_sha1_ee.pem", false, false, false }, | 1381 "weak_digest_sha1_ee.pem", EXPECT_SHA1 }, |
1375 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1382 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1376 // MD4 is not supported by OS X / NSS | 1383 // MD4 is not supported by OS X / NSS |
1377 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", | 1384 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", |
1378 "weak_digest_sha1_ee.pem", false, false, false }, | 1385 "weak_digest_sha1_ee.pem", EXPECT_SHA1 }, |
1379 #endif | 1386 #endif |
1380 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", | 1387 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", |
1381 "weak_digest_sha1_ee.pem", false, false, false }, | 1388 "weak_digest_sha1_ee.pem", EXPECT_SHA1 }, |
1382 }; | 1389 }; |
1383 INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest, | 1390 INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest, |
1384 testing::ValuesIn(kVerifyRootCATestData)); | 1391 testing::ValuesIn(kVerifyRootCATestData)); |
1385 | 1392 |
1386 // The signature algorithm of intermediates should be properly detected. | 1393 // The signature algorithm of intermediates should be properly detected. |
1387 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 1394 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
1388 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1395 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1389 "weak_digest_sha1_ee.pem", true, false, false }, | 1396 "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, |
1390 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1397 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1391 // MD4 is not supported by OS X / NSS | 1398 // MD4 is not supported by OS X / NSS |
1392 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1399 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1393 "weak_digest_sha1_ee.pem", false, true, false }, | 1400 "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, |
1394 #endif | 1401 #endif |
1395 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1402 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1396 "weak_digest_sha1_ee.pem", false, false, true }, | 1403 "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, |
1397 }; | 1404 }; |
1398 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. | 1405 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. |
1399 #if defined(USE_NSS) || defined(OS_IOS) | 1406 #if defined(USE_NSS) || defined(OS_IOS) |
1400 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate | 1407 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate |
1401 #else | 1408 #else |
1402 #define MAYBE_VerifyIntermediate VerifyIntermediate | 1409 #define MAYBE_VerifyIntermediate VerifyIntermediate |
1403 #endif | 1410 #endif |
1404 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1411 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1405 MAYBE_VerifyIntermediate, | 1412 MAYBE_VerifyIntermediate, |
1406 CertVerifyProcWeakDigestTest, | 1413 CertVerifyProcWeakDigestTest, |
1407 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1414 testing::ValuesIn(kVerifyIntermediateCATestData)); |
1408 | 1415 |
1409 // The signature algorithm of end-entity should be properly detected. | 1416 // The signature algorithm of end-entity should be properly detected. |
1410 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1417 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
1411 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1418 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1412 "weak_digest_md5_ee.pem", true, false, false }, | 1419 "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, |
1413 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1420 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1414 // MD4 is not supported by OS X / NSS | 1421 // MD4 is not supported by OS X / NSS |
1415 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1422 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1416 "weak_digest_md4_ee.pem", false, true, false }, | 1423 "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, |
1417 #endif | 1424 #endif |
1418 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1425 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1419 "weak_digest_md2_ee.pem", false, false, true }, | 1426 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, |
1420 }; | 1427 }; |
1421 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1428 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
1422 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1429 // be cleared until NSS is cleanly shutdown, which is not presently supported |
1423 // in Chromium. | 1430 // in Chromium. |
1424 #if defined(USE_NSS) || defined(OS_IOS) | 1431 #if defined(USE_NSS) || defined(OS_IOS) |
1425 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1432 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
1426 #else | 1433 #else |
1427 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1434 #define MAYBE_VerifyEndEntity VerifyEndEntity |
1428 #endif | 1435 #endif |
1429 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1436 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
1430 CertVerifyProcWeakDigestTest, | 1437 CertVerifyProcWeakDigestTest, |
1431 testing::ValuesIn(kVerifyEndEntityTestData)); | 1438 testing::ValuesIn(kVerifyEndEntityTestData)); |
1432 | 1439 |
1433 // Incomplete chains should still report the status of the intermediate. | 1440 // Incomplete chains should still report the status of the intermediate. |
1434 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1441 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
1435 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1442 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
1436 true, false, false }, | 1443 EXPECT_MD5 | EXPECT_SHA1 }, |
1437 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1444 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1438 // MD4 is not supported by OS X / NSS | 1445 // MD4 is not supported by OS X / NSS |
1439 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1446 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
1440 false, true, false }, | 1447 EXPECT_MD4 | EXPECT_SHA1 }, |
1441 #endif | 1448 #endif |
1442 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1449 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
1443 false, false, true }, | 1450 EXPECT_MD2 | EXPECT_SHA1 }, |
1444 }; | 1451 }; |
1445 // Disabled on NSS - libpkix does not return constructed chains on error, | 1452 // Disabled on NSS - libpkix does not return constructed chains on error, |
1446 // preventing us from detecting/inspecting the verified chain. | 1453 // preventing us from detecting/inspecting the verified chain. |
1447 #if defined(USE_NSS) || defined(OS_IOS) | 1454 #if defined(USE_NSS) || defined(OS_IOS) |
1448 #define MAYBE_VerifyIncompleteIntermediate \ | 1455 #define MAYBE_VerifyIncompleteIntermediate \ |
1449 DISABLED_VerifyIncompleteIntermediate | 1456 DISABLED_VerifyIncompleteIntermediate |
1450 #else | 1457 #else |
1451 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1458 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
1452 #endif | 1459 #endif |
1453 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1460 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1454 MAYBE_VerifyIncompleteIntermediate, | 1461 MAYBE_VerifyIncompleteIntermediate, |
1455 CertVerifyProcWeakDigestTest, | 1462 CertVerifyProcWeakDigestTest, |
1456 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1463 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
1457 | 1464 |
1458 // Incomplete chains should still report the status of the end-entity. | 1465 // Incomplete chains should still report the status of the end-entity. |
1459 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1466 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
1460 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1467 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
1461 true, false, false }, | 1468 EXPECT_MD5 | EXPECT_SHA1 }, |
1462 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1469 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1463 // MD4 is not supported by OS X / NSS | 1470 // MD4 is not supported by OS X / NSS |
1464 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1471 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
1465 false, true, false }, | 1472 EXPECT_MD4 | EXPECT_SHA1 }, |
1466 #endif | 1473 #endif |
1467 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1474 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
1468 false, false, true }, | 1475 EXPECT_MD2 | EXPECT_SHA1 }, |
1469 }; | 1476 }; |
1470 // Disabled on NSS - libpkix does not return constructed chains on error, | 1477 // Disabled on NSS - libpkix does not return constructed chains on error, |
1471 // preventing us from detecting/inspecting the verified chain. | 1478 // preventing us from detecting/inspecting the verified chain. |
1472 #if defined(USE_NSS) || defined(OS_IOS) | 1479 #if defined(USE_NSS) || defined(OS_IOS) |
1473 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1480 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
1474 #else | 1481 #else |
1475 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1482 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
1476 #endif | 1483 #endif |
1477 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1484 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1478 MAYBE_VerifyIncompleteEndEntity, | 1485 MAYBE_VerifyIncompleteEndEntity, |
1479 CertVerifyProcWeakDigestTest, | 1486 CertVerifyProcWeakDigestTest, |
1480 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1487 testing::ValuesIn(kVerifyIncompleteEETestData)); |
1481 | 1488 |
1482 // Differing algorithms between the intermediate and the EE should still be | 1489 // Differing algorithms between the intermediate and the EE should still be |
1483 // reported. | 1490 // reported. |
1484 const WeakDigestTestData kVerifyMixedTestData[] = { | 1491 const WeakDigestTestData kVerifyMixedTestData[] = { |
1485 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1492 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1486 "weak_digest_md2_ee.pem", true, false, true }, | 1493 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
1487 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1494 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1488 "weak_digest_md5_ee.pem", true, false, true }, | 1495 "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
1489 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1496 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
1490 // MD4 is not supported by OS X / NSS | 1497 // MD4 is not supported by OS X / NSS |
1491 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1498 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1492 "weak_digest_md2_ee.pem", false, true, true }, | 1499 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 }, |
1493 #endif | 1500 #endif |
1494 }; | 1501 }; |
1495 // NSS does not support MD4 and does not enable MD2 by default, making all | 1502 // NSS does not support MD4 and does not enable MD2 by default, making all |
1496 // permutations invalid. | 1503 // permutations invalid. |
1497 #if defined(USE_NSS) || defined(OS_IOS) | 1504 #if defined(USE_NSS) || defined(OS_IOS) |
1498 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1505 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
1499 #else | 1506 #else |
1500 #define MAYBE_VerifyMixed VerifyMixed | 1507 #define MAYBE_VerifyMixed VerifyMixed |
1501 #endif | 1508 #endif |
1502 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1509 WRAPPED_INSTANTIATE_TEST_CASE_P( |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1563 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); | 1570 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); |
1564 } | 1571 } |
1565 } | 1572 } |
1566 | 1573 |
1567 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1574 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1568 VerifyName, | 1575 VerifyName, |
1569 CertVerifyProcNameTest, | 1576 CertVerifyProcNameTest, |
1570 testing::ValuesIn(kVerifyNameData)); | 1577 testing::ValuesIn(kVerifyNameData)); |
1571 | 1578 |
1572 } // namespace net | 1579 } // namespace net |
OLD | NEW |