remove leaf_from_known_root.pem and the test depending on it [chromium/src : main]
0 views
Skip to first unread message
Matt Mueller (Gerrit)
Oct 10, 2025, 4:49:07 PM (2 days ago) Oct 10
to Matt Mueller, Nick Harper, Chromium LUCI CQ, chromium...@chromium.org, net-r...@chromium.org
Attention needed from Nick Harper
New activity on the change![]( "Open in Gerrit")
Related details
Attention is currently required from:
- Nick Harper
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Nick Harper (Gerrit)
Oct 10, 2025, 5:59:01 PM (2 days ago) Oct 10
to Matt Mueller, Chromium LUCI CQ, chromium...@chromium.org, net-r...@chromium.org
Attention needed from Matt Mueller
Nick Harper added 2 comments![]( "Open in Gerrit")
Patchset-level comments
File-level comment, Patchset 2 (Latest):
Nick Harper . resolved
I agree it makes sense to remove this time bomb (especially with the upcoming reduced cert validity). I still think it's good to test this functionality and I think it's possible without too much difficulty.
File net/cert/cert_verify_proc_unittest.cc
Line 1413, Patchset 2 (Parent):
EXPECT_TRUE(verify_result.is_issued_by_known_root);Nick Harper . unresolved
I don't see any other tests in here checking that `is_issued_by_known_root` is set correctly. I do see that `net::ScopedTestKnownRoot` can be used to mark a test cert as a known root, and cert_verify_proc_builtin_unittest.cc uses this for some CT tests.
Here or in cert_verify_proc_builtin_unittest.cc can you add a test that specifically tests that `is_issued_by_known_root` is populated correctly?
Related details
Attention is currently required from:
- Matt Mueller
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages