Switch x509_test.cc to modify the existing X509_VERIFY_PARAM.

There are two ways to configure an X509_STORE_CTX after
X509_STORE_CTX_init. One can either modify the already initialized
X509_VERIFY_PARAM or replace it. Modifying the existing one is more
common. Replacing it actually misses some defaults. (See issue #441 for
details.)

In preparation for actually being able to test changes to the default,
switch tests to that model. In doing so, we no longer need to explicitly
configure the depth and can test that default. (Though we should write
tests for the depth at some point.)

Bug: 439, 441
Change-Id: I254a82585d70d44eb94920f604891ebfbff4af4c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49745
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
chromium-5359
David Benjamin 3 years ago committed by Adam Langley
parent 87f316d774
commit 2bde9365fa
  1. 7
      crypto/x509/x509_test.cc

@ -1146,19 +1146,14 @@ static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
if (param == nullptr) {
return X509_V_ERR_UNSPECIFIED;
}
X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
X509_VERIFY_PARAM_set_time(param, kReferenceTime);
X509_VERIFY_PARAM_set_depth(param, 16);
if (configure_callback) {
configure_callback(param);
}
if (flags) {
X509_VERIFY_PARAM_set_flags(param, flags);
}
X509_STORE_CTX_set0_param(ctx.get(), param);
ERR_clear_error();
if (X509_verify_cert(ctx.get()) != 1) {
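Review bot: The new `X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());` line needs a short comment stating that `param` is borrowed from `ctx` and that the depth is deliberately left at the default. With the `X509_VERIFY_PARAM_new()` allocation, the `X509_VERIFY_PARAM_set_depth(param, 16)` call and the `X509_STORE_CTX_set0_param` hand-off all gone, nothing in `Verify` tells a later reader that the default depth is now part of what every test here exercises, and the commit message itself notes that no test covers depth yet. A TODO referencing the bug next to that line would keep the gap visible. Also note that `configure_callback(param)` and `X509_VERIFY_PARAM_set_flags(param, flags)` now act on the already initialized parameters rather than a fresh object, so callers add to the defaults instead of starting from an empty set; the comment for `Verify` should say so, so that tests passing `flags` do not assume they are the only flags in effect.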
