OpenSSL: fix serial number tests.

net/base/x509_certificate_openssl.cc

Index: net/base/x509_certificate_openssl.cc
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index ac5b75c83d47a84133c8ac65c0f3d4a8f3c162cf..40e2ecfcc5710f2ff5a30d48a48f9835b638ee9a 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -332,6 +332,13 @@ void X509Certificate::Initialize() {
     serial_number_ = std::string(
         reinterpret_cast<char*>(num->data),
         num->length);
+    if ((num->type & V_ASN1_NEG) == 0 &&
+        num->length != 0 &&
+        num->data[0] >= 0x80) {

[joth, 2011/10/31 17:17:45]

nit: I find the last term slightly easier to read as
&& num->data[0] & 0x80

but I don't care that much either way.

[agl, 2011/10/31 17:23:45]

Done.

+      // The non-negative serial_number_ needs to be padded with a leading 0
+      // byte in order that the MSB isn't set.

[joth, 2011/10/31 17:17:45]

is there a reasonable hint you could add here as to why this is only needed on
openssl? maybe useful if anyone is ever diffing this with nss etc.

[agl, 2011/10/31 17:23:45]

Have expanded the comment.

+      serial_number_ = std::string("", 1) + serial_number_;
+    }
   }
 
   ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);