From b3dfdd83b1cf55b787433c6ad6bcca97269b528f Mon Sep 17 00:00:00 2001
From: mattm
Date: Mon, 28 Dec 2015 14:18:22 -0800
Subject: Remove trust from any certs in ScopedTestDB before closing it.

Otherwise NSS may cache verification results even after the test DB is gone.

BUG=569657
TEST=net_unittests --gtest_filter='CertDatabaseNSSTest.ImportCaAndServerCert:TestRootCertsTest.OverrideTrust' --gtest_shuffle --gtest_repeat=25

Review URL: https://codereview.chromium.org/1532223005

Cr-Commit-Position: refs/heads/master@{#367016}
---
 crypto/scoped_test_nss_db.cc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'crypto')

diff --git a/crypto/scoped_test_nss_db.cc b/crypto/scoped_test_nss_db.cc
index 452c26d..dc58031 100644
--- a/crypto/scoped_test_nss_db.cc
+++ b/crypto/scoped_test_nss_db.cc
@@ -4,6 +4,8 @@
 
 #include "crypto/scoped_test_nss_db.h"
 
+#include
+
 #include "base/logging.h"
 #include "base/threading/thread_restrictions.h"
 #include "crypto/nss_util.h"
@@ -26,6 +28,22 @@ ScopedTestNSSDB::ScopedTestNSSDB() {
 }
 
 ScopedTestNSSDB::~ScopedTestNSSDB() {
+ // Remove trust from any certs in the test DB before closing it. Otherwise NSS
+ // may cache verification results even after the test DB is gone.
+ if (slot_) {
+ CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
+ for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
+ !CERT_LIST_END(node, cert_list);
+ node = CERT_LIST_NEXT(node)) {
+ CERTCertTrust trust = {0};
+ if (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), node->cert, &trust) !=
+ SECSuccess) {
+ LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
+ }
+ }
+ CERT_DestroyCertList(cert_list);
+ }
+
 // Don't close when NSS is < 3.15.1, because it would require an additional
 // sleep for 1 second after closing the database, due to
 // http://bugzil.la/875601.
-- 
cgit v1.1
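Review bot: The result of `PK11_ListCertsInSlot(slot_.get())` in the new `~ScopedTestNSSDB()` block is used without a null check, yet that call returns NULL when listing fails. `CERT_LIST_HEAD(cert_list)` would then dereference a null pointer, and `CERT_DestroyCertList` may do the same depending on the NSS version. Guard the loop and the destroy call with `if (cert_list) {` ... `}`, and log the failure in an else branch so a teardown that could not clear trust is visible. Separately, a failed `CERT_ChangeCertTrust` is only logged, which means test trust can still persist into later tests, the very leak this commit targets; a comment such as `// Best effort: on failure, trust for this cert may remain cached process-wide.` would make that explicit. The destructor body continues past the end of this hunk.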