
Unified Diff: net/cert/cert_verify_proc_unittest.cc

Issue 949633002: Include both certificate chains in invalid cert reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add a comment to cert logger pb Created 5 years, 10 months ago
Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index bb90923055f5cb804cce6043776d1cddf172e3ff..4c5bfd76f8f2b23ec50e6e0f6018a0a779900e87 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -854,7 +854,8 @@ TEST_F(CertVerifyProcTest, IntranetHostsRejected) {
// certificates that are not ordered from end-entity to root. While this is
// a protocol violation if sent during a TLS handshake, if multiple sources
// of intermediate certificates are combined, it's possible that order may
-// not be maintained.
+// not be maintained. Also test that the chain as received by the client is
+// present in the |unverified_server_cert| field of CertVerifyResult.
TEST_F(CertVerifyProcTest, VerifyReturnChainProperlyOrdered) {
if (!SupportsReturningVerifiedChain()) {
LOG(INFO) << "Skipping this test in this platform.";
@@ -904,6 +905,20 @@ TEST_F(CertVerifyProcTest, VerifyReturnChainProperlyOrdered) {
certs[1]->os_cert_handle()));
EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1],
certs[2]->os_cert_handle()));
+
+ // The |unverified_server_cert| field should contain the chain exactly
+ // as sent by the server.
+ EXPECT_EQ(google_full_chain, verify_result.unverified_server_cert);
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ google_full_chain->os_cert_handle(),
+ verify_result.unverified_server_cert->os_cert_handle()));
+ const X509Certificate::OSCertHandles& unverified_server_intermediates =
+ verify_result.unverified_server_cert->GetIntermediateCertificates();
+ ASSERT_EQ(2U, unverified_server_intermediates.size());
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(unverified_server_intermediates[0],
+ certs[2]->os_cert_handle()));
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(unverified_server_intermediates[1],
+ certs[1]->os_cert_handle()));
}
// Test that Verify() filters out certificates which are not related to
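Review bot: `verify_result.unverified_server_cert` is dereferenced immediately after a non-fatal `EXPECT_EQ`, so if a platform verifier leaves the field unset the test would crash on a null pointer instead of reporting a clean failure. Add `ASSERT_TRUE(verify_result.unverified_server_cert.get());` before the first `os_cert_handle()` call. The `EXPECT_EQ` also compares pointers, which ties the test to the verifier storing the very same X509Certificate object rather than an equal chain; if that is the intended contract, a one-line comment saying so would help. Because the field appears to exist for invalid-certificate reporting, it would be worth asserting that it is also populated when verification fails, which this success-path test does not cover. The body of VerifyReturnChainProperlyOrdered starts outside this hunk, so the setup of `google_full_chain` and `certs` is not visible here.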
