Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(288)

Unified Diff: net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem

Issue 1690123002: Reduce Certificate Parsing Strictness (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing unittest. Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem
diff --git a/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem b/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem
index efbf0533da48d85a56c5362ca9ce788dbedeae2e..4e7d587513cdfd1041a2d43e437fd34e8781f7ae 100644
--- a/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem
+++ b/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem
@@ -1,11 +1,11 @@
This is a TBSCertificate where the serial number is more than 20 octets (21
-octets, where first octet is a 0). This violates the rules in RFC 5280.
-
+octets, where first octet is a 0). This violates the rules in RFC 5280 however
+it is still accepted for compatibility.
$ openssl asn1parse -i < [TBS CERTIFICATE]
0:d=0 hl=2 l= 80 cons: SEQUENCE
2:d=1 hl=2 l= 3 cons: cont [ 0 ]
- 4:d=2 hl=2 l= 1 prim: INTEGER :00
+ 4:d=2 hl=2 l= 1 prim: INTEGER :02
7:d=1 hl=2 l= 21 prim: INTEGER :D8C37E4D87F9C8C82BAF26EF53501DF1FCF3A520
30:d=1 hl=2 l= 3 cons: SEQUENCE
32:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01
@@ -19,6 +19,50 @@ $ openssl asn1parse -i < [TBS CERTIFICATE]
77:d=1 hl=2 l= 3 cons: SEQUENCE
79:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3
-----BEGIN TBS CERTIFICATE-----
-MFCgAwIBAAIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB
+MFCgAwIBAgIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB
aFw0xMzEwMTgxNDU5NTlaMAMEAYMwAwQB8w==
-----END TBS CERTIFICATE-----
+
+-----BEGIN SERIAL NUMBER-----
+ANjDfk2H+cjIK68m71NQHfH886Ug
+-----END SERIAL NUMBER-----
+
+$ openssl asn1parse -i < [SIGNATURE ALGORITHM]
+ 0:d=0 hl=2 l= 3 cons: SEQUENCE
+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01
+-----BEGIN SIGNATURE ALGORITHM-----
+MAMEAQE=
+-----END SIGNATURE ALGORITHM-----
+
+$ openssl asn1parse -i < [ISSUER]
+ 0:d=0 hl=2 l= 3 cons: SEQUENCE
+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05
+-----BEGIN ISSUER-----
+MAMEAQU=
+-----END ISSUER-----
+
+VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0
+-----BEGIN VALIDITY NOTBEFORE-----
+eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR
+zPTA=
+-----END VALIDITY NOTBEFORE-----
+
+VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59
+-----BEGIN VALIDITY NOTAFTER-----
+eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25
+kcz01OQ==
+-----END VALIDITY NOTAFTER-----
+
+$ openssl asn1parse -i < [SUBJECT]
+ 0:d=0 hl=2 l= 3 cons: SEQUENCE
+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83
+-----BEGIN SUBJECT-----
+MAMEAYM=
+-----END SUBJECT-----
+
+$ openssl asn1parse -i < [SPKI]
+ 0:d=0 hl=2 l= 3 cons: SEQUENCE
+ 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3
+-----BEGIN SPKI-----
+MAMEAfM=
+-----END SPKI-----
« net/cert/internal/signature_algorithm.cc ('K') | « net/cert/internal/signature_algorithm_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698