| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| 11 #include "base/sha1.h" | 11 #include "base/sha1.h" |
| 12 #include "net/base/asn1_util.h" | 12 #include "net/base/asn1_util.h" |
| 13 #include "net/base/cert_status_flags.h" | 13 #include "net/base/cert_status_flags.h" |
| 14 #include "net/base/cert_test_util.h" | 14 #include "net/base/cert_test_util.h" |
| 15 #include "net/base/cert_verifier.h" | 15 #include "net/base/cert_verifier.h" |
| 16 #include "net/base/cert_verify_result.h" | 16 #include "net/base/cert_verify_result.h" |
| 17 #include "net/base/crl_set.h" | 17 #include "net/base/crl_set.h" |
| 18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 19 #include "net/base/test_certificate_data.h" | 19 #include "net/base/test_certificate_data.h" |
| 20 #include "net/base/test_root_certs.h" | 20 #include "net/base/test_root_certs.h" |
| 21 #include "net/base/x509_certificate.h" | 21 #include "net/base/x509_certificate.h" |
| 22 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 23 | 23 |
| 24 #if defined(OS_WIN) | 24 #if defined(OS_WIN) |
| 25 #include "base/win/windows_version.h" | 25 #include "base/win/windows_version.h" |
| 26 #elif defined(OS_MACOSX) | 26 #elif defined(OS_MACOSX) && !defined(OS_IOS) |
| 27 #include "base/mac/mac_util.h" | 27 #include "base/mac/mac_util.h" |
| 28 #endif | 28 #endif |
| 29 | 29 |
| 30 using base::HexEncode; | 30 using base::HexEncode; |
| 31 | 31 |
| 32 namespace net { | 32 namespace net { |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 36 // A certificate for www.paypal.com with a NULL byte in the common name. | 36 // A certificate for www.paypal.com with a NULL byte in the common name. |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 123 | 123 |
| 124 const SHA1HashValue& fingerprint = | 124 const SHA1HashValue& fingerprint = |
| 125 paypal_null_cert->fingerprint(); | 125 paypal_null_cert->fingerprint(); |
| 126 for (size_t i = 0; i < 20; ++i) | 126 for (size_t i = 0; i < 20; ++i) |
| 127 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 127 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 128 | 128 |
| 129 int flags = 0; | 129 int flags = 0; |
| 130 CertVerifyResult verify_result; | 130 CertVerifyResult verify_result; |
| 131 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, | 131 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, |
| 132 &verify_result); | 132 &verify_result); |
| 133 #if defined(USE_NSS) | 133 #if defined(USE_NSS) || defined(OS_IOS) |
| 134 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 134 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| 135 #else | 135 #else |
| 136 // TOOD(bulach): investigate why macosx and win aren't returning | 136 // TOOD(bulach): investigate why macosx and win aren't returning |
| 137 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. | 137 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. |
| 138 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); | 138 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); |
| 139 #endif | 139 #endif |
| 140 // Either the system crypto library should correctly report a certificate | 140 // Either the system crypto library should correctly report a certificate |
| 141 // name mismatch, or our certificate blacklist should cause us to report an | 141 // name mismatch, or our certificate blacklist should cause us to report an |
| 142 // invalid certificate. | 142 // invalid certificate. |
| 143 #if defined(USE_NSS) || defined(OS_WIN) | 143 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS) |
| 144 EXPECT_TRUE(verify_result.cert_status & | 144 EXPECT_TRUE(verify_result.cert_status & |
| 145 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | 145 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); |
| 146 #endif | 146 #endif |
| 147 } | 147 } |
| 148 | 148 |
| 149 // A regression test for http://crbug.com/31497. | 149 // A regression test for http://crbug.com/31497. |
| 150 // This certificate will expire on 2012-04-08. The test will still | 150 // This certificate will expire on 2012-04-08. The test will still |
| 151 // pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test | 151 // pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test |
| 152 // certificates for this unit test. http://crbug.com/111742 | 152 // certificates for this unit test. http://crbug.com/111742 |
| 153 TEST_F(CertVerifyProcTest, IntermediateCARequireExplicitPolicy) { | 153 TEST_F(CertVerifyProcTest, IntermediateCARequireExplicitPolicy) { |
| (...skipping 351 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 505 // This certificate has two errors: "invalid key usage" and "untrusted CA". | 505 // This certificate has two errors: "invalid key usage" and "untrusted CA". |
| 506 // However, OpenSSL returns only one (the latter), and we can't detect | 506 // However, OpenSSL returns only one (the latter), and we can't detect |
| 507 // the other errors. | 507 // the other errors. |
| 508 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); | 508 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); |
| 509 #else | 509 #else |
| 510 EXPECT_EQ(ERR_CERT_INVALID, error); | 510 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 511 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); | 511 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); |
| 512 #endif | 512 #endif |
| 513 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors | 513 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
| 514 // from NSS. | 514 // from NSS. |
| 515 #if !defined(USE_NSS) | 515 #if !defined(USE_NSS) && !defined(OS_IOS) |
| 516 // The certificate is issued by an unknown CA. | 516 // The certificate is issued by an unknown CA. |
| 517 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 517 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| 518 #endif | 518 #endif |
| 519 } | 519 } |
| 520 | 520 |
| 521 // Basic test for returning the chain in CertVerifyResult. Note that the | 521 // Basic test for returning the chain in CertVerifyResult. Note that the |
| 522 // returned chain may just be a reflection of the originally supplied chain; | 522 // returned chain may just be a reflection of the originally supplied chain; |
| 523 // that is, if any errors occur, the default chain returned is an exact copy | 523 // that is, if any errors occur, the default chain returned is an exact copy |
| 524 // of the certificate to be verified. The remaining VerifyReturn* tests are | 524 // of the certificate to be verified. The remaining VerifyReturn* tests are |
| 525 // used to ensure that the actual, verified chain is being returned by | 525 // used to ensure that the actual, verified chain is being returned by |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 648 verify_result.verified_cert->os_cert_handle())); | 648 verify_result.verified_cert->os_cert_handle())); |
| 649 const X509Certificate::OSCertHandles& return_intermediates = | 649 const X509Certificate::OSCertHandles& return_intermediates = |
| 650 verify_result.verified_cert->GetIntermediateCertificates(); | 650 verify_result.verified_cert->GetIntermediateCertificates(); |
| 651 ASSERT_EQ(2U, return_intermediates.size()); | 651 ASSERT_EQ(2U, return_intermediates.size()); |
| 652 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | 652 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], |
| 653 certs[1]->os_cert_handle())); | 653 certs[1]->os_cert_handle())); |
| 654 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1], | 654 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1], |
| 655 certs[2]->os_cert_handle())); | 655 certs[2]->os_cert_handle())); |
| 656 } | 656 } |
| 657 | 657 |
| 658 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) | 658 #if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 659 static const uint8 kCRLSetThawteSPKIBlocked[] = { | 659 static const uint8 kCRLSetThawteSPKIBlocked[] = { |
| 660 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, | 660 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, |
| 661 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, | 661 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, |
| 662 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, | 662 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, |
| 663 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, | 663 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, |
| 664 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, | 664 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, |
| 665 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, | 665 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, |
| 666 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b, | 666 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b, |
| 667 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x36, 0x58, 0x36, 0x4d, 0x78, 0x52, 0x37, | 667 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x36, 0x58, 0x36, 0x4d, 0x78, 0x52, 0x37, |
| 668 0x58, 0x70, 0x4d, 0x51, 0x4b, 0x78, 0x49, 0x41, 0x39, 0x50, 0x6a, 0x36, 0x37, | 668 0x58, 0x70, 0x4d, 0x51, 0x4b, 0x78, 0x49, 0x41, 0x39, 0x50, 0x6a, 0x36, 0x37, |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 882 | 882 |
| 883 // The signature algorithm of intermediates should be properly detected. | 883 // The signature algorithm of intermediates should be properly detected. |
| 884 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 884 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
| 885 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 885 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 886 "weak_digest_sha1_ee.pem", true, false, false, true, false }, | 886 "weak_digest_sha1_ee.pem", true, false, false, true, false }, |
| 887 #if defined(USE_OPENSSL) || defined(OS_WIN) | 887 #if defined(USE_OPENSSL) || defined(OS_WIN) |
| 888 // MD4 is not supported by OS X / NSS | 888 // MD4 is not supported by OS X / NSS |
| 889 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 889 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 890 "weak_digest_sha1_ee.pem", false, true, false, false, false }, | 890 "weak_digest_sha1_ee.pem", false, true, false, false, false }, |
| 891 #endif | 891 #endif |
| 892 #if !defined(USE_NSS) // MD2 is disabled by default. | 892 #if !defined(USE_NSS) && !defined(OS_IOS) // MD2 is disabled by default. |
| 893 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 893 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 894 "weak_digest_sha1_ee.pem", false, false, true, false, true }, | 894 "weak_digest_sha1_ee.pem", false, false, true, false, true }, |
| 895 #endif | 895 #endif |
| 896 }; | 896 }; |
| 897 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, CertVerifyProcWeakDigestTest, | 897 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, CertVerifyProcWeakDigestTest, |
| 898 testing::ValuesIn(kVerifyIntermediateCATestData)); | 898 testing::ValuesIn(kVerifyIntermediateCATestData)); |
| 899 | 899 |
| 900 // The signature algorithm of end-entity should be properly detected. | 900 // The signature algorithm of end-entity should be properly detected. |
| 901 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 901 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
| 902 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 902 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 903 "weak_digest_md5_ee.pem", true, false, false, false, false }, | 903 "weak_digest_md5_ee.pem", true, false, false, false, false }, |
| 904 #if defined(USE_OPENSSL) || defined(OS_WIN) | 904 #if defined(USE_OPENSSL) || defined(OS_WIN) |
| 905 // MD4 is not supported by OS X / NSS | 905 // MD4 is not supported by OS X / NSS |
| 906 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 906 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 907 "weak_digest_md4_ee.pem", false, true, false, false, false }, | 907 "weak_digest_md4_ee.pem", false, true, false, false, false }, |
| 908 #endif | 908 #endif |
| 909 #if !defined(USE_NSS) // MD2 is disabled by default. | 909 #if !defined(USE_NSS) && !defined(OS_IOS) // MD2 is disabled by default. |
| 910 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 910 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 911 "weak_digest_md2_ee.pem", false, false, true, false, false }, | 911 "weak_digest_md2_ee.pem", false, false, true, false, false }, |
| 912 #endif | 912 #endif |
| 913 }; | 913 }; |
| 914 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 914 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
| 915 // be cleared until NSS is cleanly shutdown, which is not presently supported | 915 // be cleared until NSS is cleanly shutdown, which is not presently supported |
| 916 // in Chromium. | 916 // in Chromium. |
| 917 #if defined(USE_NSS) | 917 #if defined(USE_NSS) || defined(OS_IOS) |
| 918 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 918 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
| 919 #else | 919 #else |
| 920 #define MAYBE_VerifyEndEntity VerifyEndEntity | 920 #define MAYBE_VerifyEndEntity VerifyEndEntity |
| 921 #endif | 921 #endif |
| 922 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 922 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
| 923 CertVerifyProcWeakDigestTest, | 923 CertVerifyProcWeakDigestTest, |
| 924 testing::ValuesIn(kVerifyEndEntityTestData)); | 924 testing::ValuesIn(kVerifyEndEntityTestData)); |
| 925 | 925 |
| 926 // Incomplete chains should still report the status of the intermediate. | 926 // Incomplete chains should still report the status of the intermediate. |
| 927 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 927 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
| 928 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 928 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 929 true, false, false, true, false }, | 929 true, false, false, true, false }, |
| 930 #if defined(USE_OPENSSL) || defined(OS_WIN) | 930 #if defined(USE_OPENSSL) || defined(OS_WIN) |
| 931 // MD4 is not supported by OS X / NSS | 931 // MD4 is not supported by OS X / NSS |
| 932 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 932 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 933 false, true, false, false, false }, | 933 false, true, false, false, false }, |
| 934 #endif | 934 #endif |
| 935 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 935 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 936 false, false, true, false, true }, | 936 false, false, true, false, true }, |
| 937 }; | 937 }; |
| 938 // Disabled on NSS - libpkix does not return constructed chains on error, | 938 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 939 // preventing us from detecting/inspecting the verified chain. | 939 // preventing us from detecting/inspecting the verified chain. |
| 940 #if defined(USE_NSS) | 940 #if defined(USE_NSS) || defined(OS_IOS) |
| 941 #define MAYBE_VerifyIncompleteIntermediate \ | 941 #define MAYBE_VerifyIncompleteIntermediate \ |
| 942 DISABLED_VerifyIncompleteIntermediate | 942 DISABLED_VerifyIncompleteIntermediate |
| 943 #else | 943 #else |
| 944 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 944 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
| 945 #endif | 945 #endif |
| 946 WRAPPED_INSTANTIATE_TEST_CASE_P( | 946 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 947 MAYBE_VerifyIncompleteIntermediate, | 947 MAYBE_VerifyIncompleteIntermediate, |
| 948 CertVerifyProcWeakDigestTest, | 948 CertVerifyProcWeakDigestTest, |
| 949 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 949 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
| 950 | 950 |
| 951 // Incomplete chains should still report the status of the end-entity. | 951 // Incomplete chains should still report the status of the end-entity. |
| 952 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 952 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
| 953 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 953 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
| 954 true, false, false, false, false }, | 954 true, false, false, false, false }, |
| 955 #if defined(USE_OPENSSL) || defined(OS_WIN) | 955 #if defined(USE_OPENSSL) || defined(OS_WIN) |
| 956 // MD4 is not supported by OS X / NSS | 956 // MD4 is not supported by OS X / NSS |
| 957 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 957 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
| 958 false, true, false, false, false }, | 958 false, true, false, false, false }, |
| 959 #endif | 959 #endif |
| 960 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 960 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
| 961 false, false, true, false, false }, | 961 false, false, true, false, false }, |
| 962 }; | 962 }; |
| 963 // Disabled on NSS - libpkix does not return constructed chains on error, | 963 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 964 // preventing us from detecting/inspecting the verified chain. | 964 // preventing us from detecting/inspecting the verified chain. |
| 965 #if defined(USE_NSS) | 965 #if defined(USE_NSS) || defined(OS_IOS) |
| 966 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 966 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
| 967 #else | 967 #else |
| 968 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 968 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
| 969 #endif | 969 #endif |
| 970 WRAPPED_INSTANTIATE_TEST_CASE_P( | 970 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 971 MAYBE_VerifyIncompleteEndEntity, | 971 MAYBE_VerifyIncompleteEndEntity, |
| 972 CertVerifyProcWeakDigestTest, | 972 CertVerifyProcWeakDigestTest, |
| 973 testing::ValuesIn(kVerifyIncompleteEETestData)); | 973 testing::ValuesIn(kVerifyIncompleteEETestData)); |
| 974 | 974 |
| 975 // Differing algorithms between the intermediate and the EE should still be | 975 // Differing algorithms between the intermediate and the EE should still be |
| 976 // reported. | 976 // reported. |
| 977 const WeakDigestTestData kVerifyMixedTestData[] = { | 977 const WeakDigestTestData kVerifyMixedTestData[] = { |
| 978 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 978 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 979 "weak_digest_md2_ee.pem", true, false, true, true, false }, | 979 "weak_digest_md2_ee.pem", true, false, true, true, false }, |
| 980 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 980 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 981 "weak_digest_md5_ee.pem", true, false, true, false, true }, | 981 "weak_digest_md5_ee.pem", true, false, true, false, true }, |
| 982 #if defined(USE_OPENSSL) || defined(OS_WIN) | 982 #if defined(USE_OPENSSL) || defined(OS_WIN) |
| 983 // MD4 is not supported by OS X / NSS | 983 // MD4 is not supported by OS X / NSS |
| 984 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 984 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 985 "weak_digest_md2_ee.pem", false, true, true, false, false }, | 985 "weak_digest_md2_ee.pem", false, true, true, false, false }, |
| 986 #endif | 986 #endif |
| 987 }; | 987 }; |
| 988 // NSS does not support MD4 and does not enable MD2 by default, making all | 988 // NSS does not support MD4 and does not enable MD2 by default, making all |
| 989 // permutations invalid. | 989 // permutations invalid. |
| 990 #if defined(USE_NSS) | 990 #if defined(USE_NSS) || defined(OS_IOS) |
| 991 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 991 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 992 #else | 992 #else |
| 993 #define MAYBE_VerifyMixed VerifyMixed | 993 #define MAYBE_VerifyMixed VerifyMixed |
| 994 #endif | 994 #endif |
| 995 WRAPPED_INSTANTIATE_TEST_CASE_P( | 995 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 996 MAYBE_VerifyMixed, | 996 MAYBE_VerifyMixed, |
| 997 CertVerifyProcWeakDigestTest, | 997 CertVerifyProcWeakDigestTest, |
| 998 testing::ValuesIn(kVerifyMixedTestData)); | 998 testing::ValuesIn(kVerifyMixedTestData)); |
| 999 | 999 |
| 1000 } // namespace net | 1000 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10983023:
Port certificate verification to iOS. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master