diff options
| author | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 04:43:29 +0000 |
|---|---|---|
| committer | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 04:43:29 +0000 |
| commit | f5cae0f9e77c235c3873108c0eb0eb4dd249fade (patch) | |
| tree | ca9a103e853d52bbc3ee570548e6bffd0ea848c0 /net | |
| parent | 852664a9b288737ecde674eb04a898409dc7716e (diff) | |
| download | chromium_src-f5cae0f9e77c235c3873108c0eb0eb4dd249fade.zip chromium_src-f5cae0f9e77c235c3873108c0eb0eb4dd249fade.tar.gz chromium_src-f5cae0f9e77c235c3873108c0eb0eb4dd249fade.tar.bz2 | |
Add CLIENT_CERT_TYPE_DSS_SIGN to net::SSLClientCertType
This patch adds a new value to the net::SSLClientCertType that matches
DSA-based client certificates. This will be used by Android's client
certificate support code.
For an example, see https://chromiumcodereview.appspot.com/12220104/
More specifically:
- It modifies <net/base/ssl_client_cert_type.h> to add the new
enum value.
- It adds a corresponding non-translatable string ID to
chrome/app/generated_resources.grd, and ensures that the
ClientCertTypeToString() function in cookies_tree_model_util.cc
returns it appropriately.
- It adds SpdyCredentialBuilderTest.MAYBE_FailedWithDSACert
unit test, similar to the MAYBE_FailedWithRSACert. This is
based on the assumption that SPDY uses ECDSA certificates
exclusively (no code supporting RSA-based ones was found
under net/spdy).
Note that server-bound certificate unit tests have not been
modified (some of them handle both RSA and ECDSA certificates),
given that none of the production support code for this feature
seems to care about the certificate type, and that DSA-based
certificates are extremely rare in practice, and disappearing.
BUG=165668
Review URL: https://chromiumcodereview.appspot.com/12221136
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182119 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/ssl_client_cert_type.h | 1 | ||||
| -rw-r--r-- | net/spdy/spdy_credential_builder_unittest.cc | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/net/base/ssl_client_cert_type.h b/net/base/ssl_client_cert_type.h index cc68598..5890f5f 100644 --- a/net/base/ssl_client_cert_type.h +++ b/net/base/ssl_client_cert_type.h @@ -11,6 +11,7 @@ namespace net { // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-1 enum SSLClientCertType { CLIENT_CERT_RSA_SIGN = 1, + CLIENT_CERT_DSS_SIGN = 2, CLIENT_CERT_ECDSA_SIGN = 64, // 224-255 are Reserved for Private Use, we pick one to use as "invalid". CLIENT_CERT_INVALID_TYPE = 255, diff --git a/net/spdy/spdy_credential_builder_unittest.cc b/net/spdy/spdy_credential_builder_unittest.cc index 067fdb7..c3feb59 100644 --- a/net/spdy/spdy_credential_builder_unittest.cc +++ b/net/spdy/spdy_credential_builder_unittest.cc @@ -112,6 +112,17 @@ TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithRSACert) { } #if defined(USE_OPENSSL) +#define MAYBE_FailsWithDSACert DISABLED_FailsWithDSACert +#else +#define MAYBE_FailsWithDSACert FailsWithDSACert +#endif + +TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithDSACert) { + EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, + BuildWithType(CLIENT_CERT_DSS_SIGN)); +} + +#if defined(USE_OPENSSL) #define MAYBE_SetsSlotCorrectly DISABLED_SetsSlotCorrectly #else #define MAYBE_SetsSlotCorrectly SetsSlotCorrectly |