Disable check that X.509 extensions implies v3.

Expect to reenable in January 2021.

Change-Id: I364ffcf235901398196c60c45ff1c07fcac3f801
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43024
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
chromium-5359
Adam Langley 5 years ago committed by Adam Langley
parent b13e7b5fdc
commit 5850a016b2
  1. 12
      crypto/x509/x509_test.cc
  2. 4
      crypto/x509/x_x509.c

@ -2372,6 +2372,11 @@ static const char kOverflowVersionPEM[] =
"xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n"
"-----END CERTIFICATE-----\n";
/*
Test cases disabled. TODO re-enable in Jan 2021.
https://crbug.com/boringssl/375
// kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
static const char kV1WithExtensionsPEM[] =
"-----BEGIN CERTIFICATE-----\n"
@ -2401,6 +2406,7 @@ static const char kV2WithExtensionsPEM[] =
"BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n"
"BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n"
"-----END CERTIFICATE-----\n";
*/
// kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
static const char kV1WithIssuerUniqueIDPEM[] =
@ -2440,8 +2446,10 @@ TEST(X509Test, InvalidVersion) {
EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
// Test cases disabled. TODO re-enable in Jan 2021.
// https://crbug.com/boringssl/375
//EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
//EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
}
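Review bot: Commenting out the two `EXPECT_FALSE` lines in `InvalidVersion` leaves the temporarily accepted inputs with no test at all, so nothing records that v1/v2 certificates with extensions now parse, and nothing fails if the check is never restored. Keeping the PEM constants live and asserting the current behaviour, e.g. `EXPECT_TRUE(CertFromPEM(kV1WithExtensionsPEM));  // TODO(crbug.com/boringssl/375): back to EXPECT_FALSE`, would make the relaxation explicit and the re-enable a visible flip. This assumes the two certificates are otherwise well-formed, which the hunk does not show. If the constants stay disabled, `#if 0` / `#endif` is safer than the `/* ... */` wrapper, which would end early at any `*/` later added inside it.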

@ -136,10 +136,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
/* Per RFC5280, section 4.1.2.9, extensions require v3. */
/* Check disabled. TODO re-enable in Jan 2021.
https://crbug.com/boringssl/375
if (version != 2 && ret->cert_info->extensions != NULL) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
return 0;
}
}*/
break;
}
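Review bot: The surviving comment `/* Per RFC5280, section 4.1.2.9, extensions require v3. */` in `x509_cb` now sits above code that no longer enforces it, and nothing at this site says which inputs are accepted as a result. A sentence such as `/* TEMPORARY: v1 and v2 certificates carrying extensions are accepted here until https://crbug.com/boringssl/375 is resolved; callers must not assume extensions imply v3. */` would make the relaxed parsing contract visible to anyone auditing verification code that reads `cert_info->extensions`. Commenting the block out also stops it being compiled, so it can drift from the surrounding code before it is restored; a preprocessor guard around the live `if` would keep restoration to a one-line change. `x509_cb` begins and ends outside the hunk.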
