summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormattm <mattm@chromium.org>2015-12-28 14:18:22 -0800
committerCommit bot <commit-bot@chromium.org>2015-12-28 22:19:18 +0000
commitb3dfdd83b1cf55b787433c6ad6bcca97269b528f (patch)
tree9af2f3bffa094bac6ec8b118ff8397611f376b69
parentc8737861ba65c1ad300e822365f19629b35d1518 (diff)
downloadchromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.zip
chromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.tar.gz
chromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.tar.bz2
Remove trust from any certs in ScopedTestDB before closing it.
Otherwise NSS may cache verification results even after the test DB is gone. BUG=569657 TEST=net_unittests --gtest_filter='CertDatabaseNSSTest.ImportCaAndServerCert:TestRootCertsTest.OverrideTrust' --gtest_shuffle --gtest_repeat=25 Review URL: https://codereview.chromium.org/1532223005 Cr-Commit-Position: refs/heads/master@{#367016}
-rw-r--r--crypto/scoped_test_nss_db.cc18
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/scoped_test_nss_db.cc b/crypto/scoped_test_nss_db.cc
index 452c26d..dc58031 100644
--- a/crypto/scoped_test_nss_db.cc
+++ b/crypto/scoped_test_nss_db.cc
@@ -4,6 +4,8 @@
#include "crypto/scoped_test_nss_db.h"
+#include <cert.h>
+
#include "base/logging.h"
#include "base/threading/thread_restrictions.h"
#include "crypto/nss_util.h"
@@ -26,6 +28,22 @@ ScopedTestNSSDB::ScopedTestNSSDB() {
}
ScopedTestNSSDB::~ScopedTestNSSDB() {
+ // Remove trust from any certs in the test DB before closing it. Otherwise NSS
+ // may cache verification results even after the test DB is gone.
+ if (slot_) {
+ CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
+ for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
+ !CERT_LIST_END(node, cert_list);
+ node = CERT_LIST_NEXT(node)) {
+ CERTCertTrust trust = {0};
+ if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
+ SECSuccess) {
+ LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
+ }
+ }
+ CERT_DestroyCertList(cert_list);
+ }
+
// Don't close when NSS is < 3.15.1, because it would require an additional
// sleep for 1 second after closing the database, due to
// http://bugzil.la/875601.