Add more robust OCSP fetching tests |
|
Issue descriptionBased on code coverage from the Linux bots, there's opportunity to improve our testing story for OCSP. 1. Hanging OCSP response (timeout) 2. Shutting down the network stack while there are still pending OCSP requests. 3. OCSP responders that do redirects to non-HTTP endpoints 4. OCSP responders on HTTPS 5. OCSP response bodies that are larger than our maximum permitted response size 6. OCSP responders that just hang-up on us (don't provide an HTTP response code) 7. Our OCSP responder rewriter for the Network Solutions certs
,
May 17 2018
fwiw, may be a few bits that are tested but just not on the coverage dashboard, since os_fuschia is the only platform currently using CertVerifyProcBuiltin as the default verifier. (Ex, CertNetFetcher OCSP fetching should be tested by HTTPSOCSPTest.Intermediate*)
,
May 17 2018
Right, the coverage for the CertNetFetcher is https://chromium-coverage.appspot.com/reports/559420/linux/chromium/src/net/cert_net/cert_net_fetcher_impl.cc.html I was suggesting we might actually want explicit unittests for that (in https://chromium-coverage.appspot.com/reports/559420/linux/chromium/src/net/cert_net/cert_net_fetcher_impl_unittest.cc.html ) to cover those paths. The other coverage was https://chromium-coverage.appspot.com/reports/559420/linux/chromium/src/net/cert_net/nss_ocsp.cc.html that we'd want to beef up in https://chromium-coverage.appspot.com/reports/559420/linux/chromium/src/net/cert_net/nss_ocsp_unittest.cc.html |
|
►
Sign in to add a comment |
|
Comment 1 by rsleevi@chromium.org
, May 15 2018