diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 15:14:27 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 15:14:27 +0000 |
| commit | dffe824dde902d3dc2da49f13bf94cfe6d00dc5f (patch) | |
| tree | 64efe94957dc97e2aa2d108ee9a0465c61da3a9a /net/test/base_test_server.h | |
| parent | 5edc5b36105063b5dc4fcb5ba4769ea25fbb327e (diff) | |
| download | chromium_src-dffe824dde902d3dc2da49f13bf94cfe6d00dc5f.zip chromium_src-dffe824dde902d3dc2da49f13bf94cfe6d00dc5f.tar.gz chromium_src-dffe824dde902d3dc2da49f13bf94cfe6d00dc5f.tar.bz2 | |
Revert "Revert "Revert "Revert "net: add OCSP tests.""""
(First landed in r127486, reverted in r127493 because it broke on
Windows XP, relanded in r127518 and reverted in r127520 because Android got
upset about an unused function.)
I was getting increasingly unhappy altering EV and revocation checking
semantics without any tests. We historically haven't had tests because
online revocation checking is inherently flaky so I amended testserver
with the minimum code to be able to sign and vend OCSP responses.
These tests do not test the final EV/CRLSet/revocation checking
semantics. They are intended to be altered in future CLs.
BUG=none
TEST=net_unittests
https://chromiumcodereview.appspot.com/9663017/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127680 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test/base_test_server.h')
| -rw-r--r-- | net/test/base_test_server.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/test/base_test_server.h b/net/test/base_test_server.h index 7264a65..fd04e55 100644 --- a/net/test/base_test_server.h +++ b/net/test/base_test_server.h @@ -46,6 +46,11 @@ class BaseTestServer { struct HTTPSOptions { enum ServerCertificate { CERT_OK, + + // CERT_AUTO causes the testserver to generate a test certificate issued + // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem). + CERT_AUTO, + CERT_MISMATCHED_NAME, CERT_EXPIRED, // Cross-signed certificate to test PKIX path building. Contains an @@ -55,6 +60,14 @@ class BaseTestServer { CERT_CHAIN_WRONG_ROOT, }; + // OCSPStatus enumerates the types of OCSP response that the testserver + // can produce. + enum OCSPStatus { + OCSP_OK, + OCSP_REVOKED, + OCSP_INVALID, + }; + // Bitmask of bulk encryption algorithms that the test server supports // and that can be selectively enabled or disabled. enum BulkCipher { @@ -83,9 +96,17 @@ class BaseTestServer { // |server_certificate|. FilePath GetCertificateFile() const; + // GetOCSPArgument returns the value of any OCSP argument to testserver or + // the empty string if there is none. + std::string GetOCSPArgument() const; + // The certificate to use when serving requests. ServerCertificate server_certificate; + // If |server_certificate==CERT_AUTO| then this determines the type of OCSP + // response returned. + OCSPStatus ocsp_status; + // True if a CertificateRequest should be sent to the client during // handshaking. bool request_client_certificate; |