From bab6cac3c2ad3f335a4694f3ea0b33477a98508b Mon Sep 17 00:00:00 2001 From: "wtc@chromium.org" Date: Fri, 30 Oct 2009 16:34:49 +0000 Subject: X509Certificate::Verify should honor the VERIFY_REV_CHECKING_ENABLED flag. This allows us to enable part of the X509CertificateTest.PaypalNullCertParsing test for Linux because the test disables revocation checking, thereby avoiding the overly strict assertion in nss_ocsp.cc. Enable cert_pi_useAIACertFetch to fetch missing intermediate CA certificates. Handle a non-certificate error reported by PKIXVerifyCert. R=ukai BUG=none TEST=none Review URL: http://codereview.chromium.org/333033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30585 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/x509_certificate_unittest.cc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'net/base/x509_certificate_unittest.cc') diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index 7eef2f4..6c2e54d 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -676,11 +676,6 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { for (size_t i = 0; i < 20; ++i) EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); -#if defined(OS_WIN) - // TODO(wtc): The Linux try bots still have NSS 3.12.0. They need to be - // updated to NSS 3.12.3.1 or later. Also, nss_ocsp.cc asserts that the - // current thread is a worker thread in our thread pool and therefore has - // no message loop. That assertion is overly strict. int flags = 0; CertVerifyResult verify_result; int error = paypal_null_cert->Verify("www.paypal.com", flags, @@ -689,6 +684,9 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { // Either the system crypto library should correctly report a certificate // name mismatch, or our certificate blacklist should cause us to report an // invalid certificate. +#if defined(OS_WIN) + // TODO(wtc): The Linux try bots still have NSS 3.12.0. They need to be + // updated to NSS 3.12.3.1 or later. EXPECT_NE(0, verify_result.cert_status & (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); #endif -- cgit v1.1