Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(353)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 14358023: Differentiate between VERIFY_FAILED and VERIFY_INCORRECT_KEY_USAGE. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Yep, joth was right. Hopefully this works. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/cert/cert_verify_proc_android.cc ('K') | « net/cert/cert_verify_proc_android.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 510 matching lines...) Expand 10 before | Expand all | Expand 10 after
521 base::FilePath certs_dir = GetTestCertsDirectory(); 521 base::FilePath certs_dir = GetTestCertsDirectory();
522 522
523 scoped_refptr<X509Certificate> server_cert = 523 scoped_refptr<X509Certificate> server_cert =
524 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); 524 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");
525 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 525 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
526 526
527 int flags = 0; 527 int flags = 0;
528 CertVerifyResult verify_result; 528 CertVerifyResult verify_result;
529 int error = Verify(server_cert, "jira.aquameta.com", flags, NULL, 529 int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,
530 empty_cert_list_, &verify_result); 530 empty_cert_list_, &verify_result);
531 #if defined(USE_OPENSSL) 531 #if defined(USE_OPENSSL) && !defined(OS_ANDROID)
532 // This certificate has two errors: "invalid key usage" and "untrusted CA". 532 // This certificate has two errors: "invalid key usage" and "untrusted CA".
533 // However, OpenSSL returns only one (the latter), and we can't detect 533 // However, OpenSSL returns only one (the latter), and we can't detect
534 // the other errors. 534 // the other errors.
535 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); 535 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
536 #else 536 #else
537 EXPECT_EQ(ERR_CERT_INVALID, error); 537 EXPECT_EQ(ERR_CERT_INVALID, error);
538 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); 538 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
539 #endif 539 #endif
540 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors 540 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
541 // from NSS. 541 // from NSS.
542 #if !defined(USE_NSS) && !defined(OS_IOS) 542 #if !defined(USE_NSS) && !defined(OS_IOS) && !defined(OS_ANDROID)
543 // The certificate is issued by an unknown CA. 543 // The certificate is issued by an unknown CA.
544 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); 544 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
545 #endif 545 #endif
546 } 546 }
547 547
548 // Basic test for returning the chain in CertVerifyResult. Note that the 548 // Basic test for returning the chain in CertVerifyResult. Note that the
549 // returned chain may just be a reflection of the originally supplied chain; 549 // returned chain may just be a reflection of the originally supplied chain;
550 // that is, if any errors occur, the default chain returned is an exact copy 550 // that is, if any errors occur, the default chain returned is an exact copy
551 // of the certificate to be verified. The remaining VerifyReturn* tests are 551 // of the certificate to be verified. The remaining VerifyReturn* tests are
552 // used to ensure that the actual, verified chain is being returned by 552 // used to ensure that the actual, verified chain is being returned by
(...skipping 520 matching lines...) Expand 10 before | Expand all | Expand 10 after
1073 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 1073 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
1074 #else 1074 #else
1075 #define MAYBE_VerifyMixed VerifyMixed 1075 #define MAYBE_VerifyMixed VerifyMixed
1076 #endif 1076 #endif
1077 WRAPPED_INSTANTIATE_TEST_CASE_P( 1077 WRAPPED_INSTANTIATE_TEST_CASE_P(
1078 MAYBE_VerifyMixed, 1078 MAYBE_VerifyMixed,
1079 CertVerifyProcWeakDigestTest, 1079 CertVerifyProcWeakDigestTest,
1080 testing::ValuesIn(kVerifyMixedTestData)); 1080 testing::ValuesIn(kVerifyMixedTestData));
1081 1081
1082 } // namespace net 1082 } // namespace net
OLDNEW
« net/cert/cert_verify_proc_android.cc ('K') | « net/cert/cert_verify_proc_android.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698