net: test that cert is marked as revoked if EV revocation check receives revoked response (Win).
If we do an online revocation check because a certificate is EV and we don't
have CRLSet coverage then we would like to mark the certificate as revoked
if the check indicates that, rather than just removing the EV badge.
However, on non-Windows platforms we don't get enough information from the
verification so this change just adds a test for Windows.
This also fixes a small memory leak.
BUG=279282
Review URL: https://chromiumcodereview.appspot.com/23441005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@220429 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 13462ff..1cb5f6fd 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -5727,6 +5727,34 @@
static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
}
+TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndRevokedOCSP) {
+ if (!SystemSupportsOCSP()) {
+ LOG(WARNING) << "Skipping test because system doesn't support OCSP";
+ return;
+ }
+
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_AUTO);
+ ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED;
+ SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>());
+
+ CertStatus cert_status;
+ DoConnection(ssl_options, &cert_status);
+
+ // Currently only works for Windows. When using NSS or OS X, it's not
+ // possible to determine whether the check failed because of actual
+ // revocation or because there was an OCSP failure.
+#if defined(OS_WIN)
+ EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
+#else
+ EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
+#endif
+
+ EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
+ EXPECT_EQ(SystemUsesChromiumEVMetadata(),
+ static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
+}
+
TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndGoodOCSP) {
if (!SystemSupportsOCSP()) {
LOG(WARNING) << "Skipping test because system doesn't support OCSP";
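Review bot: The `#else` branch of MissingCRLSetAndRevokedOCSP pins `EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS)` for a revoked OCSP response, so on NSS and OS X the test passes while a revoked certificate is reported with no error and only the EV bit is dropped. The comment above it explains the limitation, but nothing ties the expectation to the tracking bug, so the fail-open expectation can outlive the limitation unnoticed. I would add `// TODO(bug 279282): expect CERT_STATUS_REVOKED here once revocation can be told apart from an OCSP failure on NSS/OS X.` directly above that assertion. Separately, `cert_status` is declared without an initial value and read after `DoConnection`, which is defined outside this hunk; if that helper can return before writing the out-parameter, `CertStatus cert_status = 0;` would keep the assertions deterministic.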