New issue
Advanced search Search tips

Issue 651962 link

Starred by 3 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows , Mac
Pri: 2
Type: Bug

Blocked on:
issue 671889



Sign in to add a comment

Unittest for client cert selection with intermediate certs

Project Member Reported by mattm@chromium.org, Sep 30 2016

Issue description

We currently have tests for client cert filtering, but only where the client cert is issued directly by the root certificate. We should add tests where the client cert is issued by an intermediate, to avoid a repeat of  issue 649953 . This requires the intermediate cert be in the OS keychain, cert DB, etc so that it can be found during the client cert filtering. This should be possible on Mac (using a custom keychain search list) and on NSS (using a ScopedNSSTestDB), other OSes will require more investigation.
 
ClientCertStoreNSSTest.BuildsCertificateChain actually ends up implicitly testing this. I just wrote it as a standalone thing though. I dunno how feasible it'd be to generalize it or if we want the tests to be platform-specific. The ClientCertStore*TestDelegate stuff is a little weird since it often hits test-only code.

Comment 2 by mattm@chromium.org, Sep 30 2016

Labels: -OS-All OS-Mac OS-Windows
Ah, didn't see that already existed for NSS. It may be possible to have a partially generalized test that just requires a platform specific helper to do the magic to put the intermediate cert in the DB/keychain/whatever.

Comment 3 by mattm@chromium.org, Dec 7 2016

Blockedon: 671889

Sign in to add a comment