summaryrefslogtreecommitdiffstats
path: root/net/base/x509_certificate_unittest.cc
Commit message (Collapse)AuthorAgeFilesLines
* Return the constructed certificate chain in X509Certificate::Verify()rsleevi@chromium.org2011-07-301-0/+142
| | | | | | | | | | BUG=65540 TEST=net_unittests --gtest_filter=X509CertificateTest.VerifyReturn* Review URL: http://codereview.chromium.org/6874039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94832 0039d316-1c4b-4281-b951-d872f2087c98
* Cache the underlying OS certificate handle within the X509CertificateCache, ↵rsleevi@chromium.org2011-07-191-70/+31
| | | | | | | | | | | rather than caching raw X509Certificate pointers. TEST=X509CertificateTest.Cache, X509CertificateTest.Intermediates BUG=32623, 47648, 49377, 68448, 70216, 77374, 78038 Review URL: http://codereview.chromium.org/2944008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92977 0039d316-1c4b-4281-b951-d872f2087c98
* Rewrite the name verifier using CanonicalizeHostjoth@chromium.org2011-07-131-7/+13
| | | | | | | | | | | | - uses the IP address parsing already done by the canonicalizer - requires googleurl roll to r159 (http://codereview.chromium.org/7346008/) BUG=62973 TEST=X509CertificateNameVerifyTest.VerifyHostname Review URL: http://codereview.chromium.org/7204053 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92342 0039d316-1c4b-4281-b951-d872f2087c98
* Make the host name verification conform to rfc6125joth@chromium.org2011-07-121-33/+129
| | | | | | | | | | | | | | Full IP support Add suppport for partial wildcards in hostnames BUG=62973 TEST=X509CertificateNameVerifyTest.VerifyHostname (Reverted commit: http://src.chromium.org/viewvc/chrome?view=rev&revision=92006) Review URL: http://codereview.chromium.org/7218011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92121 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 92006 - Make the host name verification conform to rfc6125joth@chromium.org2011-07-111-127/+33
| | | | | | | | | | | | | | | | | - its making Windows net_unittests hang on startup e.g. http://build.chromium.org/p/chromium/builders/XP%20Tests%20%282%29/builds/5386/steps/net_unittests/logs/stdio Full IP support Add suppport for partial wildcards in hostnames BUG=62973 TEST=X509CertificateNameVerifyTest.VerifyHostname Review URL: http://codereview.chromium.org/7218011 TBR=joth@chromium.org Review URL: http://codereview.chromium.org/7329046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92009 0039d316-1c4b-4281-b951-d872f2087c98
* Make the host name verification conform to rfc6125joth@chromium.org2011-07-111-33/+127
| | | | | | | | | | | | Full IP support Add suppport for partial wildcards in hostnames BUG=62973 TEST=X509CertificateNameVerifyTest.VerifyHostname Review URL: http://codereview.chromium.org/7218011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92006 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Revert "net: followup to codereview for cl/7096014""agl@chromium.org2011-06-081-3/+3
| | | | | | | This reverts commit r88333, effectively reapplying r88331. The original failure turned out to be just a flake. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88335 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "net: followup to codereview for cl/7096014"agl@chromium.org2011-06-081-3/+3
| | | | | | This reverts commit r88331. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88333 0039d316-1c4b-4281-b951-d872f2087c98
* net: followup to codereview for cl/7096014agl@chromium.org2011-06-081-3/+3
| | | | | | | | | BUG=none TEST=net_unittests http://codereview.chromium.org/6993027/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88331 0039d316-1c4b-4281-b951-d872f2087c98
* net: Add code to extract CRL URLs from X.509 certificates.agl@chromium.org2011-06-021-0/+19
| | | | | | | | | | | This is part of the CRL filter work. BUG=none TEST=none http://codereview.chromium.org/7096014/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87619 0039d316-1c4b-4281-b951-d872f2087c98
* Added EV policy OID and root sha1 fingerprint for GlobalSign Root CA - R3rkn@chromium.org2011-05-251-0/+37
| | | | | | | | | | | | | BUG=58437 TEST=go to <https://2029.globalsign.com> and verify the EV status Unit Test (This test has been DISABLED because it fails when "./netunittests" is run, though it passes individually.): "net_unittests --gtest_filter=X509CertificateTest.GlobalSignR3EVTest" Review URL: http://codereview.chromium.org/7037031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86632 0039d316-1c4b-4281-b951-d872f2087c98
* Change the HTTP cache to cache the entire certificate chain for SSL sitesrsleevi@chromium.org2011-04-201-7/+30
| | | | | | | | | | | | When persisting an X509Certificate to a pickle, such as when storing to the HTTP cache, persist any intermediate certificates in addition to the end-entity certificate. This will allow the complete certificate chain to be displayed to the end user when viewing a cached entry, independent of whether a network request has been made to that site during the browsing session. R=agl BUG=7065 TEST=X509CertificateTest.Persist Review URL: http://codereview.chromium.org/4645001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82214 0039d316-1c4b-4281-b951-d872f2087c98
* Move crypto files out of base, to a top level directory.rvargas@google.com2011-04-141-6/+6
| | | | | | | | | | | | | src/crypto is now an independent project that contains our cryptographic primitives (except md5 and sha1). This removes the base dependency from nss, openssl and sqlite. BUG=76996 TEST=none Review URL: http://codereview.chromium.org/6805019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81611 0039d316-1c4b-4281-b951-d872f2087c98
* Fix openssl buildjoth@chromium.org2011-04-131-6/+7
| | | | | | | | | | | | | | | | Tests ExtractSPKIFromDERCert & PublicKeyHashes are failing (you can see them here: http://goo.gl/Rc3OA ) Follow up to http://src.chromium.org/viewvc/chrome?view=rev&revision=81259 - implements GetDEREncoded for opensll - adds public_key_hashes support in openssl X509Certificate::Verify - small change to unit test to make it much easier to diagnose failures. BUG=None TEST=net_unittests --gtest_filter=X509Certificate* Review URL: http://codereview.chromium.org/6826065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81398 0039d316-1c4b-4281-b951-d872f2087c98
* net: add support for checking if a known public key is in a chain.agl@chromium.org2011-04-121-1/+67
| | | | | | | | | | | | | | | This is intended for use with future support for HSTS or CAA pinning of certificate chains. Since we build certificate chains from a pool of certificates, and certificates get reissued with updated expiries etc, only the public keys in the chain will always match. Thus we match on SHA1 hashes of SubjectPublicKeyInfos. BUG=none TEST=net_unittests Review URL: http://codereview.chromium.org/6821010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81259 0039d316-1c4b-4281-b951-d872f2087c98
* net: reenable TestKnownRootsagl@chromium.org2011-04-081-2/+1
| | | | | | | | | | | | (disabled in r80801) I can't find anything wrong with it with Valgrind so I want to see if the TSAN blowup was a fluke. BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80932 0039d316-1c4b-4281-b951-d872f2087c98
* net: disable TestKnownRootsagl@chromium.org2011-04-071-1/+2
| | | | | | | It hung the TSAN bot, although I don't know why: http://build.chromium.org/p/chromium.memory/builders/Windows%20Tests%20%28tsan%29/builds/3531/steps/memory%20test%3A%20net/logs/stdio git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80801 0039d316-1c4b-4281-b951-d872f2087c98
* net: add ability to distinguish user-added root CAs.agl@chromium.org2011-04-071-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | We have several places where a need to distinguish `real' root CAs from user-added root CAs will be useful: 1) Monoscope wants to inspect correctly signed, but unknown certificates, but doesn't want to deal with proxy MITM certificates. 2) HSTS is likely to add a method for pinning to a certificate, but we don't want to break every proxy MITM with it. This change adds several lists of known, `real' roots. These lists present an ongoing maintainance issue. However, in the event that the lists are incomplete in the future, we fail open. This is because roots not in these lists are treated as user-added and user-added roots have more authority than `real' roots. In some sense, this is a problem because it might be a security issue that new roots are given too much authority. On the other hand, we're not breaking things when we're behind on updating the lists so the maintainance issue isn't too pressing. BUG=none TEST=none Review URL: http://codereview.chromium.org/6793041 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80778 0039d316-1c4b-4281-b951-d872f2087c98
* Remove most unnecessary uses of "net::" in net/base/.adamk@chromium.org2011-03-251-6/+6
| | | | | | | | | | Also removes several empty and unused gtest test fixtures. R=willchan@chromium.org Review URL: http://codereview.chromium.org/6676134 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79411 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes X509CertificateTest.SerialNumbers for USE_OPENSSL.bulach@chromium.org2011-03-211-1/+1
| | | | | | | | | | | (followup on r78478) BUG=none TEST=X509CertificateTest.SerialNumbers Review URL: http://codereview.chromium.org/6708027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78869 0039d316-1c4b-4281-b951-d872f2087c98
* Fix expectations for X509CertificateTest.InvalidKeyUsage:bulach@chromium.org2011-03-171-2/+15
| | | | | | | | | | | | | | | Tests for NE(OK..) rather than EQ(ERR_CERT_INVALID...). Don't test for CERT_STATUS_INVALID. Reason: openssl uses CERT_STATUS_AUTHORITY_INVALID for this cert. (in fact, it now uses the same errors conditions as UnoSoftCertParsing). BUG=none TEST=X509CertificateTest.InvalidKeyUsage passes with use_openssl=1 Review URL: http://codereview.chromium.org/6665024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78531 0039d316-1c4b-4281-b951-d872f2087c98
* Blacklist certain leaf certificates.agl@chromium.org2011-03-171-0/+28
| | | | | | | | | BUG=none TEST=none Review URL: http://codereview.chromium.org/6670065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78478 0039d316-1c4b-4281-b951-d872f2087c98
* An RSA SSL server certificate whose Key Usage extension wtc@chromium.org2011-03-101-0/+23
| | | | | | | | | | | | | | | doesn't have the keyEncipherment bit should be reported as CERT_STATUS_INVALID. Map more NSS certificate errors. R=rsleevi BUG=70293 TEST=net_unittests --gtest_filter=X509CertificateTest.InvalidKeyUsage Review URL: http://codereview.chromium.org/6626033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77661 0039d316-1c4b-4281-b951-d872f2087c98
* Adds PrintTo for CertificateNameVerifyTestData to make mac valgrind happy.bulach@chromium.org2011-03-081-0/+14
| | | | | | | | | | | | (see error at: http://build.chromium.org/p/chromium.memory/builders/Chromium%20Mac%20%28valgrind%29/builds/2279/steps/memory%20test%3A%20net/logs/stdiohttp://build.chromium.org/p/chromium.memory/builders/Chromium%20Mac%20%28valgrind%29/builds/2279/steps/memory%20test%3A%20net/logs/stdio) BUG=none TEST=mac-valgrind is green Review URL: http://codereview.chromium.org/6625086 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77312 0039d316-1c4b-4281-b951-d872f2087c98
* Moves X509CertificateNameVerifyTest and removes x509_openssl_util_unittest.ccbulach@chromium.org2011-03-081-0/+84
| | | | | | | | | BUG=none TEST=X509CertificateNameVerifyTest.VerifyHostname, and also compiles with use_openssl=1 flag. Review URL: http://codereview.chromium.org/6627051 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77285 0039d316-1c4b-4281-b951-d872f2087c98
* Add X509Certificate::VerifyCertName(string) API. This will be usedmbelshe@chromium.org2011-03-031-0/+7
| | | | | | | | | | | | | | to check if a name matches a cert without doing a full certificate verify. Use the API provided as part of NSS. For other platforms, provide a default implementation based on GetDNSNames. BUG=none TEST=X509CertificateTest.WebkitCertParsing Review URL: http://codereview.chromium.org/6612013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76824 0039d316-1c4b-4281-b951-d872f2087c98
* Add ability to create self signed certs to mac.dmaclach@chromium.org2011-02-081-1/+97
| | | | | | | | | BUG=67929 TEST=BUILD Review URL: http://codereview.chromium.org/6312157 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@74115 0039d316-1c4b-4281-b951-d872f2087c98
* Fix the nits I pointed out in the review ofwtc@chromium.org2011-02-021-2/+2
| | | | | | | | | | | http://codereview.chromium.org/6002003/ R=hclam BUG=none TEST=net_unittests --gtest_filter=X509* Review URL: http://codereview.chromium.org/6049010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73384 0039d316-1c4b-4281-b951-d872f2087c98
* Defines SSLServerSocket and implements SSLServerSocketNSShclam@chromium.org2010-12-231-0/+12
| | | | | | | | | | | | | | | | | Defines a SSLServerSocket interface. Implement this interface using NSS as SSLServerSocketNSS. This is the first version of the code. It disables several functions of NSS like caching, session ticket, reneogotiation, etc. This is implemented to suit the needs of Chromoting. Additional features of this socket will be added when necessary. BUG=None TEST=None Review URL: http://codereview.chromium.org/5746003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70041 0039d316-1c4b-4281-b951-d872f2087c98
* Implement X509Certificate::CreateSelfSigned on Windowshclam@chromium.org2010-12-221-3/+3
| | | | | | | | | | | | In order to run SSLServerSocketNSS on windows a self signed certificate is needed. BUG=None TEST=net_unittests --gtest_filter=X509* Review URL: http://codereview.chromium.org/6002003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69984 0039d316-1c4b-4281-b951-d872f2087c98
* Create self signed X509 certificatehclam@chromium.org2010-12-171-0/+16
| | | | | | | | | | | | | In order to run a SSL server certificate and private key is needed. In the case of Chromoting the first step is to use self signed cert. This change allows to issue self signed cert. This is only implemented in NSS. BUG=None TEST=net_unittests Review URL: http://codereview.chromium.org/5754001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69573 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for temporarily trusting a certificate for the duration of unit ↵rsleevi@chromium.org2010-12-161-34/+5
| | | | | | | | | | | | | | | tests on Windows, rather than requiring the machine to be pre-configured out-of-band. Given the lack of a Microsoft-provided high-level API to supply application-level trusts to the verification routines, this implements a workaround that intercepts attempts to open the trusted system root store and injects the test certificates directly. This allows the unit tests to work without requiring that the Test CA be added to the machine's Trusted Certificates store. While doing so, clean up the interface to adding/removing trusted test certificates, so as to support more than one trusted certificate if necessary. BUG=8470 TEST=To follow Review URL: http://codereview.chromium.org/4646001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69351 0039d316-1c4b-4281-b951-d872f2087c98
* Convert implicit scoped_refptr constructor calls to explicit ones, part 1thakis@chromium.org2010-11-011-38/+38
| | | | | | | | | | | This CL was created automatically by this clang rewriter: http://codereview.appspot.com/2776043/ . I manually fixed a few rough spots of the rewriter output (doh1-3) and fixed all presubmit errors. BUG=28083 TEST=None Review URL: http://codereview.chromium.org/4192012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64573 0039d316-1c4b-4281-b951-d872f2087c98
* Adds X509 certificates for OpenSSL.bulach@chromium.org2010-10-081-3/+10
| | | | | | | | | | Depends on http://codereview.chromium.org/3565006/show TEST=Existing *X509* tests should pass. Review URL: http://codereview.chromium.org/3529008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61955 0039d316-1c4b-4281-b951-d872f2087c98
* Fix PEM parsing on Linux when using X509Certificate::FORMAT_AUTOrsleevi@chromium.org2010-09-211-2/+13
| | | | | | | | | | | | | | | When using X509Certificate::FORMAT_AUTO, parsing is attempted optimistically first by seeing if the data decodes as any of the supported binary formats. The NSS routine used to handle PKCS#7 data is actually a generic routine, capable of supporting multiple formats. When a PEM encoded certificate is decoded using PKCS#7, as is the case with FORMAT_AUTO, NSS will, upon encountering a failure to parse as PKCS#7, attempt to PEM decode the data and parse as either a certificate or a PKCS#7 structure. The problem with NSS's implementation is that it only decodes a single certificate, rather than all of the certificates in the file, preventing a full PEM chain from being read in. The solution is to no longer optimistically try to decode the data as binary prior to trying to decode as PEM, and instead unconditionally attempt decoding as PEM-wrapped data before falling back to binary. This allows our handling routines to properly parse all of the supported PEM types, before the underlying crypto library is exposed to the data. BUG=37142 TEST=X509CertificateParseTest.CanParseFormat Review URL: http://codereview.chromium.org/3148034 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60023 0039d316-1c4b-4281-b951-d872f2087c98
* Change EXPECT_ to ASSERT_ for X.509 tests where it will crash if the check failsrsleevi@chromium.org2010-08-211-9/+9
| | | | | | | | | | | Some of the X.509 parsing tests rely on a certain number of principals being returned, and will crash otherwise. Change the checks to be ASSERT_, so that the test fails gracefully rather than bringing down net_unittests BUG=none TEST=X509CertificateTest.* Review URL: http://codereview.chromium.org/3142016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57004 0039d316-1c4b-4281-b951-d872f2087c98
* Mac: Look for issuer in a certificate chain instead of subjectdavidben@chromium.org2010-08-031-0/+47
| | | | | | | | | | | | | | If the CA does not send us intermediate certificates, we may not be able to build a chain up to the relevant issuer. Instead, search the chain for certificates with just the correct issuer. R=wtc BUG=50980 TEST=X509CertificateTest.IsIssuedBy Review URL: http://codereview.chromium.org/3052035 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54780 0039d316-1c4b-4281-b951-d872f2087c98
* Fix FLAKY X509CertificateParseTest.CanParseFormat on OS X 10.5 when decoding ↵rsleevi@chromium.org2010-07-231-12/+1
| | | | | | | | | | | | | | PEM-encoded PKCS#7 certificates that are marked with PEM pre-encapsulation boundary of BEGIN CERTIFICATE. OS X ignores the caller-supplied format if it determines that the incoming data is PEM encoded, attempting to parse using an internal routine that determines the incoming format based on the PEM block header. On 10.5, this results in invalid certificate handles being returned, because the data is not actually a certificate, and this propagates into invalid X509Certificates. By sanity checking the returned handles using the same method as CreateOSCertHandleFromBytes, the problem can be caught and the data can be decoded by PEMTokenizer into a format that 10.5 will respect. R=wtc BUG=49887 TEST=X509CertificateParseTest.CanParseFormat no longer fails on OS X 10.5 for variations /5 and /11 Review URL: http://codereview.chromium.org/3019019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53467 0039d316-1c4b-4281-b951-d872f2087c98
* Mark X509CertificateParseTest as FLAKY on OS X (for 10.5 builders)rsleevi@chromium.org2010-07-221-4/+15
| | | | | | | | | | | | | X509CertificateParseTest is failing for PKCS#7 data from PEM encoded blocks. When it fails, it crashes net_unittests because of an out-of-bounds read. Mark the test as FLAKY on OS X, and change the EXPECT to an ASSERT to suppres the crash BUG=49887 TEST=X509CertificateParseTest.CanParseFormat on OS X 10.5 no longer crashes Review URL: http://codereview.chromium.org/2868064 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53305 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for parsing certificate formats other than raw, DER-encoded ↵rsleevi@chromium.org2010-07-221-10/+152
| | | | | | | | | | | | | | certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 52799 - Add support for parsing certificate formats other than raw, ↵rsleevi@chromium.org2010-07-171-154/+8
| | | | | | | | | | | | | | | | | DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 TBR=rsleevi@chromium.org Review URL: http://codereview.chromium.org/2812064 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52801 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for parsing certificate formats other than raw, DER-encoded ↵rsleevi@chromium.org2010-07-171-8/+154
| | | | | | | | | | | | | | certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52799 0039d316-1c4b-4281-b951-d872f2087c98
* Minor clean-up tasks that were TODO(snej)rsleevi@chromium.org2010-07-171-20/+20
| | | | | | | | | | | | | | Rename Principal->CertPrincipal, Policy->CertPolicy, both of which are merely syntatic fluff. Rename Fingerprint->SHA1Fingerprint, which is more important since those using the fingerprint, such as the unit tests, were truly hardcoded against SHA-1 fingerprints, and if the fingerprint ever changed, wouldn't cause errors until run time. R=wtc BUG=None TEST=Compilers stay green Review URL: http://codereview.chromium.org/2815048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52789 0039d316-1c4b-4281-b951-d872f2087c98
* Make X509Certificate::CreateFromHandle() copy the OSCertHandle, rather than ↵rsleevi@chromium.org2010-06-261-6/+10
| | | | | | | | | | | | assume ownership R=wtc BUG=47463 TEST=none Review URL: http://codereview.chromium.org/2867026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50938 0039d316-1c4b-4281-b951-d872f2087c98
* X509CertificateTest.IntermediateCertificates leaks several native ↵rsleevi@chromium.org2010-06-241-24/+29
| | | | | | | | | | | | certificate handles during the execution of the test. R=wtc BUG=none TEST=X509CertificateTest.IntermediateCertificates Review URL: http://codereview.chromium.org/2809024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50781 0039d316-1c4b-4281-b951-d872f2087c98
* chunk of straightforward ifdef/include changes for BSD portpvalchev@google.com2010-05-191-1/+1
| | | | | | | based on sprewell's patch Review URL: http://codereview.chromium.org/2069009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47687 0039d316-1c4b-4281-b951-d872f2087c98
* Do not use cert_pi_useAIACertFetch by default. Use it onlywtc@chromium.org2010-03-191-5/+66
| | | | | | | | | | | | | | | | | | | | | | | | when we are likely to be missing intermediate CA certificates. Work around the SEC_ERROR_POLICY_VALIDATION_FAILED error from CERT_PKIXVerifyCert by retrying CERT_PKIXVerifyCert with the certificate policy in the certificate. Map SEC_ERROR_POLICY_VALIDATION_FAILED to ERR_CERT_INVALID if we can't work around the error. Start the migration away from test_certificate_data.h to the certificate files in the src/net/data/ssl/certificates directory. R=eroman BUG=31497,30891,37549 TEST=A new unit test. To verify the fix for issue 31497 manually, must install the "DoD Root CA 2" certificate first (see comment 9 of bug 31497). Review URL: http://codereview.chromium.org/545103 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42118 0039d316-1c4b-4281-b951-d872f2087c98
* Thread-safety for X509Certificate's intermediate-certs list.snej@chromium.org2010-03-051-5/+67
| | | | | | | | | BUG=32553,30001 TEST=none Review URL: http://codereview.chromium.org/661223 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40797 0039d316-1c4b-4281-b951-d872f2087c98
* Revert my last commit 'cause it breaks net unit tests on OS X 10.6 :(snej@chromium.org2010-03-051-65/+5
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40743 0039d316-1c4b-4281-b951-d872f2087c98
* Thread-safety for X509Certificate's intermediate-certs list.snej@chromium.org2010-03-051-5/+65
| | | | | | | | | BUG=32553,30001 TEST=none Review URL: http://codereview.chromium.org/661223 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40742 0039d316-1c4b-4281-b951-d872f2087c98