CFStringRef keyString = reinterpret_cast<CFStringRef>(key);
if (CFEqual(keyString, CFSTR("NotValidBefore")) || CFEqual(keyString, CFSTR("ValidLeaf")) ||
- CFEqual(keyString, CFSTR("ValidIntermediates")) || CFEqual(keyString, CFSTR("ValidRoot")))
+ CFEqual(keyString, CFSTR("ValidIntermediates")) || CFEqual(keyString, CFSTR("ValidRoot")) ||
+ CFEqual(keyString, CFSTR("TemporalValidity")))
*pStatus |= PAL_X509ChainNotTimeValid;
else if (CFEqual(keyString, CFSTR("Revocation")))
*pStatus |= PAL_X509ChainRevoked;
*pStatus |= PAL_X509ChainExplicitDistrust;
else if (CFEqual(keyString, CFSTR("RevocationResponseRequired")))
*pStatus |= PAL_X509ChainRevocationStatusUnknown;
+ else if (CFEqual(keyString, CFSTR("MissingIntermediate")))
+ *pStatus |= PAL_X509ChainPartialChain;
else if (CFEqual(keyString, CFSTR("WeakLeaf")) || CFEqual(keyString, CFSTR("WeakIntermediates")) ||
- CFEqual(keyString, CFSTR("WeakRoot")))
+ CFEqual(keyString, CFSTR("WeakRoot")) || CFEqual(keyString, CFSTR("WeakKeySize")))
{
// Because we won't report this out of a chain built by .NET on Windows,
// don't report it here.
}
else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
- expectedFlags = X509ChainStatusFlags.UntrustedRoot;
+ // For OSX alone expectedFlags here means OR instead of AND.
+ // Because the error code changed in 10.13.4 from UntrustedRoot to PartialChain
+ // and we handle that later in this test.
+ expectedFlags =
+ X509ChainStatusFlags.UntrustedRoot |
+ X509ChainStatusFlags.PartialChain;
}
else
{
X509ChainStatusFlags.NoError,
(a, b) => a | b);
+ if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+ {
+ // If we're on 10.13.3 or older we get UntrustedRoot.
+ // If we're on 10.13.4 or newer we get PartialChain.
+ //
+ // So make the expectedValue be whichever of those two is set.
+ expectedFlags = (expectedFlags & allFlags);
+ // One of them has to be set.
+ Assert.NotEqual(X509ChainStatusFlags.NoError, expectedFlags);
+ // Continue executing now to ensure that no other unexpected flags were set.
+ }
+
Assert.Equal(expectedFlags, allFlags);
}
}