commit 2e9e66ad8f35ee615e79da22ff91b0fa94607ca8
author Robert Sloan <varomodt@google.com> Mon Sep 25 09:08:29 2017 -0700
committer Robert Sloan <varomodt@google.com> Mon Sep 25 09:09:18 2017 -0700
tree 8e7fcf46cf385ba5c71296259197e207e9164370
parent db4251af0823393f084e17c67401b51536ae4cea

external/boringssl: Sync to 3a18bf04745c0ef9850efeec1a52e402c4392388.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/9a127b43b8b78a135d6b64a3e25b8a704c2c069f..3a18bf04745c0ef9850efeec1a52e402c4392388

Test: BoringSSL CTS Presubmits.
Change-Id: Id39a146b1a6d7483f4142a7c191796ba65f32883

src/crypto/x509/x509_test.cc

diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index 1b34578..2fb1b1b 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -30,6 +30,8 @@
 #include "../internal.h"
 
 
+std::string GetTestData(const char *path);
+
 static const char kCrossSigningRootPEM[] =
     "-----BEGIN CERTIFICATE-----\n"
     "MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n"
@@ -657,6 +659,47 @@
                    {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
 }
 
+TEST(X509Test, ManyNamesAndConstraints) {
+  bssl::UniquePtr<X509> many_constraints(
+      CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str()));
+  ASSERT_TRUE(many_constraints);
+  bssl::UniquePtr<X509> many_names1(
+      CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str()));
+  ASSERT_TRUE(many_names1);
+  bssl::UniquePtr<X509> many_names2(
+      CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str()));
+  ASSERT_TRUE(many_names2);
+  bssl::UniquePtr<X509> many_names3(
+      CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str()));
+  ASSERT_TRUE(many_names3);
+  bssl::UniquePtr<X509> some_names1(
+      CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str()));
+  ASSERT_TRUE(some_names1);
+  bssl::UniquePtr<X509> some_names2(
+      CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str()));
+  ASSERT_TRUE(some_names2);
+  bssl::UniquePtr<X509> some_names3(
+      CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str()));
+  ASSERT_TRUE(some_names3);
+
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names1.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names2.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names3.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+
+  EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+}
+
 TEST(X509Test, TestPSS) {
   bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
   ASSERT_TRUE(cert);