| Index: net/base/x509_certificate_unittest.cc
|
| ===================================================================
|
| --- net/base/x509_certificate_unittest.cc (revision 77730)
|
| +++ net/base/x509_certificate_unittest.cc (working copy)
|
| @@ -470,6 +470,36 @@
|
| #endif
|
| }
|
|
|
| +// A regression test for http://crbug.com/63988.
|
| +// Do not report ERR_CERT_INVALID on a certificate with an empty Subject field
|
| +// and a subjectAltName extension that is not marked as critical.
|
| +TEST(X509CertificateTest, EmptySubject) {
|
| + FilePath certs_dir = GetTestCertsDirectory();
|
| +
|
| + scoped_refptr<X509Certificate> server_cert =
|
| + ImportCertFromFile(certs_dir, "empty_subject_cert.der");
|
| + ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
|
| +
|
| + int flags = 0;
|
| + CertVerifyResult verify_result;
|
| + int error = server_cert->Verify("1.1.1.1", flags, &verify_result);
|
| +
|
| + // We no longer map the invalid subject error to CERT_STATUS_INVALID on the
|
| + // Mac.
|
| + EXPECT_NE(ERR_CERT_INVALID, error);
|
| + EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_INVALID);
|
| +
|
| + // The subjectAltName extension contains an iPAddress of "1.1.1.1", but
|
| + // we map the invalid empty subject error to CERT_STATUS_COMMON_NAME_INVALID
|
| + // on the Mac.
|
| +#if defined(OS_MACOSX)
|
| + EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
|
| +#endif
|
| +
|
| + // The certificate is self-signed.
|
| + EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
|
| +}
|
| +
|
| // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We
|
| // call X509Certificate::CreateFromHandle several times and observe whether
|
| // it returns a cached or new X509Certificate object.
|
|
|