external/boringssl: Sync to 3a18bf04745c0ef9850efeec1a52e402c4392388.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/9a127b43b8b78a135d6b64a3e25b8a704c2c069f..3a18bf04745c0ef9850efeec1a52e402c4392388
Test: BoringSSL CTS Presubmits.
Change-Id: Id39a146b1a6d7483f4142a7c191796ba65f32883
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index 1b34578..2fb1b1b 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -30,6 +30,8 @@
#include "../internal.h"
+std::string GetTestData(const char *path);
+
static const char kCrossSigningRootPEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n"
@@ -657,6 +659,47 @@
{unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
}
+TEST(X509Test, ManyNamesAndConstraints) {
+ bssl::UniquePtr<X509> many_constraints(
+ CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str()));
+ ASSERT_TRUE(many_constraints);
+ bssl::UniquePtr<X509> many_names1(
+ CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str()));
+ ASSERT_TRUE(many_names1);
+ bssl::UniquePtr<X509> many_names2(
+ CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str()));
+ ASSERT_TRUE(many_names2);
+ bssl::UniquePtr<X509> many_names3(
+ CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str()));
+ ASSERT_TRUE(many_names3);
+ bssl::UniquePtr<X509> some_names1(
+ CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str()));
+ ASSERT_TRUE(some_names1);
+ bssl::UniquePtr<X509> some_names2(
+ CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str()));
+ ASSERT_TRUE(some_names2);
+ bssl::UniquePtr<X509> some_names3(
+ CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str()));
+ ASSERT_TRUE(some_names3);
+
+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+ Verify(many_names1.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+ Verify(many_names2.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+ Verify(many_names3.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+
+ EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+ EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+ EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
+ {many_constraints.get()}, {}));
+}
+
TEST(X509Test, TestPSS) {
bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
ASSERT_TRUE(cert);