net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem - Issue 1690123002: Reduce Certificate Parsing Strictness

Unified Diff: net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

Issue 1690123002: Reduce Certificate Parsing Strictness (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixing unittest. Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

diff --git a/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem b/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

index efbf0533da48d85a56c5362ca9ce788dbedeae2e..4e7d587513cdfd1041a2d43e437fd34e8781f7ae 100644

--- a/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

+++ b/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

@@ -1,11 +1,11 @@

This is a TBSCertificate where the serial number is more than 20 octets (21

-octets, where first octet is a 0). This violates the rules in RFC 5280.

+octets, where first octet is a 0). This violates the rules in RFC 5280 however

+it is still accepted for compatibility.

$ openssl asn1parse -i < [TBS CERTIFICATE]

0:d=0 hl=2 l= 80 cons: SEQUENCE

2:d=1 hl=2 l= 3 cons: cont [ 0 ]

- 4:d=2 hl=2 l= 1 prim: INTEGER :00

+ 4:d=2 hl=2 l= 1 prim: INTEGER :02

7:d=1 hl=2 l= 21 prim: INTEGER :D8C37E4D87F9C8C82BAF26EF53501DF1FCF3A520

30:d=1 hl=2 l= 3 cons: SEQUENCE

32:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01

@@ -19,6 +19,50 @@ $ openssl asn1parse -i < [TBS CERTIFICATE]

77:d=1 hl=2 l= 3 cons: SEQUENCE

79:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3

-----BEGIN TBS CERTIFICATE-----

-MFCgAwIBAAIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB

+MFCgAwIBAgIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB

aFw0xMzEwMTgxNDU5NTlaMAMEAYMwAwQB8w==

-----END TBS CERTIFICATE-----

+-----BEGIN SERIAL NUMBER-----

+ANjDfk2H+cjIK68m71NQHfH886Ug

+-----END SERIAL NUMBER-----

+$ openssl asn1parse -i < [SIGNATURE ALGORITHM]

+ 0:d=0 hl=2 l= 3 cons: SEQUENCE

+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01

+-----BEGIN SIGNATURE ALGORITHM-----

+MAMEAQE=

+-----END SIGNATURE ALGORITHM-----

+$ openssl asn1parse -i < [ISSUER]

+ 0:d=0 hl=2 l= 3 cons: SEQUENCE

+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05

+-----BEGIN ISSUER-----

+MAMEAQU=

+-----END ISSUER-----

+VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0

+-----BEGIN VALIDITY NOTBEFORE-----

+eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR

+zPTA=

+-----END VALIDITY NOTBEFORE-----

+VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59

+-----BEGIN VALIDITY NOTAFTER-----

+eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25

+kcz01OQ==

+-----END VALIDITY NOTAFTER-----

+$ openssl asn1parse -i < [SUBJECT]

+ 0:d=0 hl=2 l= 3 cons: SEQUENCE

+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83

+-----BEGIN SUBJECT-----

+MAMEAYM=

+-----END SUBJECT-----

+$ openssl asn1parse -i < [SPKI]

+ 0:d=0 hl=2 l= 3 cons: SEQUENCE

+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3

+-----BEGIN SPKI-----

+MAMEAfM=

+-----END SPKI-----

« net/cert/internal/signature_algorithm.cc ('K') | « net/cert/internal/signature_algorithm_unittest.cc ('k') | no next file » | no next file with comments »