Issue 651962 link

Starred by 3 users

Issue metadata

Status:	Assigned
Owner:	mattm@chromium.org
Components:	Internals>Network>Certificate
EstimatedDays:	----
NextAction:	----
OS:	Windows , Mac
Pri:	2
Type:	Bug

Blocked on:
issue 671889

Unittest for client cert selection with intermediate certs

Project Member Reported by mattm@chromium.org, Sep 30 2016

Issue description

We currently have tests for client cert filtering, but only where the client cert is issued directly by the root certificate. We should add tests where the client cert is issued by an intermediate, to avoid a repeat of  issue 649953 . This requires the intermediate cert be in the OS keychain, cert DB, etc so that it can be found during the client cert filtering. This should be possible on Mac (using a custom keychain search list) and on NSS (using a ScopedNSSTestDB), other OSes will require more investigation.

Comment 1 by davidben@chromium.org, Sep 30 2016

ClientCertStoreNSSTest.BuildsCertificateChain actually ends up implicitly testing this. I just wrote it as a standalone thing though. I dunno how feasible it'd be to generalize it or if we want the tests to be platform-specific. The ClientCertStore*TestDelegate stuff is a little weird since it often hits test-only code.

Comment 2 by mattm@chromium.org, Sep 30 2016

Labels: -OS-All OS-Mac OS-Windows

Ah, didn't see that already existed for NSS. It may be possible to have a partially generalized test that just requires a platform specific helper to do the magic to put the intermediate cert in the DB/keychain/whatever.

Comment 3 by mattm@chromium.org, Dec 7 2016

Blockedon: 671889

►

Issue 651962 link

Issue metadata

Unittest for client cert selection with intermediate certs

Issue description

Comment 1 by davidben@chromium.org, Sep 30 2016

Comment 1 Deleted

Comment 2 by mattm@chromium.org, Sep 30 2016

Comment 2 Deleted

Comment 3 by mattm@chromium.org, Dec 7 2016

Comment 3 Deleted

Sign in to add a comment