diff options
author | mattm <mattm@chromium.org> | 2015-12-28 14:18:22 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-12-28 22:19:18 +0000 |
commit | b3dfdd83b1cf55b787433c6ad6bcca97269b528f (patch) | |
tree | 9af2f3bffa094bac6ec8b118ff8397611f376b69 | |
parent | c8737861ba65c1ad300e822365f19629b35d1518 (diff) | |
download | chromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.zip chromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.tar.gz chromium_src-b3dfdd83b1cf55b787433c6ad6bcca97269b528f.tar.bz2 |
Remove trust from any certs in ScopedTestDB before closing it.
Otherwise NSS may cache verification results even after the test DB is gone.
BUG=569657
TEST=net_unittests --gtest_filter='CertDatabaseNSSTest.ImportCaAndServerCert:TestRootCertsTest.OverrideTrust' --gtest_shuffle --gtest_repeat=25
Review URL: https://codereview.chromium.org/1532223005
Cr-Commit-Position: refs/heads/master@{#367016}
-rw-r--r-- | crypto/scoped_test_nss_db.cc | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/scoped_test_nss_db.cc b/crypto/scoped_test_nss_db.cc index 452c26d..dc58031 100644 --- a/crypto/scoped_test_nss_db.cc +++ b/crypto/scoped_test_nss_db.cc @@ -4,6 +4,8 @@ #include "crypto/scoped_test_nss_db.h" +#include <cert.h> + #include "base/logging.h" #include "base/threading/thread_restrictions.h" #include "crypto/nss_util.h" @@ -26,6 +28,22 @@ ScopedTestNSSDB::ScopedTestNSSDB() { } ScopedTestNSSDB::~ScopedTestNSSDB() { + // Remove trust from any certs in the test DB before closing it. Otherwise NSS + // may cache verification results even after the test DB is gone. + if (slot_) { + CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get()); + for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); + !CERT_LIST_END(node, cert_list); + node = CERT_LIST_NEXT(node)) { + CERTCertTrust trust = {0}; + if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) != + SECSuccess) { + LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError(); + } + } + CERT_DestroyCertList(cert_list); + } + // Don't close when NSS is < 3.15.1, because it would require an additional // sleep for 1 second after closing the database, due to // http://bugzil.la/875601. |