Reduce Certificate Parsing Strictness

net/cert/internal/signature_algorithm.cc

Index: net/cert/internal/signature_algorithm.cc
diff --git a/net/cert/internal/signature_algorithm.cc b/net/cert/internal/signature_algorithm.cc
index 23812546e366a954cd1f4d435f031d386e7671b2..ae23b0919ebccd07f2faeaf1ee29e730d9322b71 100644
--- a/net/cert/internal/signature_algorithm.cc
+++ b/net/cert/internal/signature_algorithm.cc
@@ -226,7 +226,8 @@ WARN_UNUSED_RESULT bool IsNull(const der::Input& input) {
 // Returns a nullptr on failure.
 //
 // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be NULL
-// ("PARAMS TYPE NULL ARE required"):
+// ("PARAMS TYPE NULL ARE required"), however an empty parameter is also
+// allowed for compatibility with non-compliant responders:

[eroman, 2016/02/23 22:09:52]

responders --> OCSP responders

[svaldez, 2016/02/24 16:36:57]

Done.

 //
 //     sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
 //      IDENTIFIER sha1WithRSAEncryption
@@ -261,7 +262,8 @@ WARN_UNUSED_RESULT bool IsNull(const der::Input& input) {
 //     }
 scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest,
                                              const der::Input& params) {
-  if (!IsNull(params))
+  // TODO: Add warning about non-strict parsing.

[eroman, 2016/02/23 22:09:52]

TODO(svaldez):

[svaldez, 2016/02/24 16:36:57]

Done.

+  if (!IsNull(params) && !IsEmpty(params))
     return nullptr;
 
   return SignatureAlgorithm::CreateRsaPkcs1(digest);