Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2590)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/net/x509_certificate_model_unittest.cc

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: cleanups Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/cros/onc_network_parser_unittest.cc ('K') | « chrome/chrome_browser.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/net/x509_certificate_model_unittest.cc
diff --git a/chrome/common/net/x509_certificate_model_unittest.cc b/chrome/common/net/x509_certificate_model_unittest.cc
index 0178f096e23fec0a75e2b8f12bd852a443556495..929185f91955b75df5d0bfc6dbcd965dfe1ff0d4 100644
--- a/chrome/common/net/x509_certificate_model_unittest.cc
+++ b/chrome/common/net/x509_certificate_model_unittest.cc
@@ -28,13 +28,8 @@ TEST(X509CertificateModelTest, GetTypeCA) {
// Test that explicitly distrusted CA certs are still returned as CA_CERT
// type. See http://crbug.com/96654.
net::CertDatabase cert_db;
- // TODO(mattm): This depends on the implementation details of SetCertTrust
- // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly
- // distrusted (trust set to CERTDB_TERMINAL_RECORD). See
- // http://crbug.com/116411. When I fix that bug I'll also add a way to set
- // this directly.
- EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
- net::CertDatabase::UNTRUSTED));
+ EXPECT_TRUE(cert_db.SetCertTrust(cert, net::CA_CERT,
+ net::CertDatabase::DISTRUSTED_SSL));
EXPECT_EQ(net::CA_CERT,
x509_certificate_model::GetType(cert->os_cert_handle()));
@@ -52,20 +47,24 @@ TEST(X509CertificateModelTest, GetTypeServer) {
EXPECT_EQ(net::UNKNOWN_CERT,
x509_certificate_model::GetType(cert->os_cert_handle()));
#else
- // TODO(mattm): make GetCertType smarter so we can tell server certs even if
- // they have no trust bits set.
+ // Test mozilla_security_manager::GetCertType with server certs and default
+ // trust. Currently this doesn't work.
+ // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
+ // tell server certs even if they have no trust bits set.
EXPECT_EQ(net::UNKNOWN_CERT,
x509_certificate_model::GetType(cert->os_cert_handle()));
net::CertDatabase cert_db;
+ // Test GetCertType with server certs and explicit trust.
EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
net::CertDatabase::TRUSTED_SSL));
EXPECT_EQ(net::SERVER_CERT,
x509_certificate_model::GetType(cert->os_cert_handle()));
+ // Test GetCertType with server certs and explicit distrust.
EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
- net::CertDatabase::UNTRUSTED));
+ net::CertDatabase::DISTRUSTED_SSL));
EXPECT_EQ(net::SERVER_CERT,
x509_certificate_model::GetType(cert->os_cert_handle()));
« chrome/browser/chromeos/cros/onc_network_parser_unittest.cc ('K') | « chrome/chrome_browser.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698