author | achuith@chromium.org <achuith@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-25 08:37:07 +0000 |
---|---|---|
committer | achuith@chromium.org <achuith@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-25 08:37:07 +0000 |
commit | 5edbc0fbe36ee7cf6b281c4ee3307add2aa89036 (patch) | |
tree | c34075acc750116f85b1d712b0cc250dbbbaec3c /net/base/x509_certificate_unittest.cc | |
parent | d881b80bf18b85c71cec936024fa5340f4be75e2 (diff) | |
Revert 107075 - Disallow wildcards from matching top-level registry controlled domains during cert validation.
BUG=100442
TEST=net_unittests:X509CertificateNameVerifyTest.*
Review URL: http://codereview.chromium.org/8362023
TBR=rsleevi@chromium.org
Review URL: http://codereview.chromium.org/8381032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107078 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_unittest.cc')
-rw-r--r-- | net/base/x509_certificate_unittest.cc | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index d61750b..9ba1124 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -1298,6 +1298,7 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = {
 "xn--poema-*.com.br,"
 "xn--*-9qae5a.com.br,"
 "*--poema-9qae5a.com.br" },
+ { true, "xn--poema-9qae5a.com.br", "*.com.br" },
 // The following are adapted from the examples quoted from
 // http://tools.ietf.org/html/rfc6125#section-6.4.3
 // (e.g., *.example.com would match foo.example.com but
@@ -1311,21 +1312,12 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = {
 { true, "baz1.example.net", "baz*.example.net" },
 { true, "foobaz.example.net", "*baz.example.net" },
 { true, "buzz.example.net", "b*z.example.net" },
- // Wildcards should not be valid for registry-controlled domains, and for
- // unknown/unrecognized domains, at least three domain components must be
- // present.
- { true, "www.test.example", "*.test.example" },
- { true, "test.example.co.uk", "*.example.co.uk" },
- { false, "test.example", "*.example" },
- { false, "example.co.uk", "*.co.uk" },
+ // Wildcards should not be valid unless there are at least three name
+ // components.
+ { true, "h.co.uk", "*.co.uk" },
 { false, "foo.com", "*.com" },
 { false, "foo.us", "*.us" },
 { false, "foo", "*" },
- // IDN variants of wildcards and registry-controlled domains.
- { true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br" },
- { true, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h" },
- { false, "xn--poema-9qae5a.com.br", "*.com.br" },
- { false, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h" },
 // Multiple wildcards are not valid.
 { false, "foo.example.com", "*.*.com" },
 { false, "foo.bar.example.com", "*.bar.*.com" },
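Review bot: The two added expectations, `{ true, "xn--poema-9qae5a.com.br", "*.com.br" }` in the first hunk and `{ true, "h.co.uk", "*.co.uk" }` in the second, record as passing a match where one wildcard name covers every host directly under a registry-controlled suffix, and nothing in the table marks this as a known gap rather than intended policy. The second hunk also drops the negative cases for `*.co.uk`, `*.com.br`, `*.example` and `*.xn--mgbaam7a8h`, so the visible table no longer distinguishes a public suffix from an ordinary three-label name. I would put a comment above both entries, for example `// Known gap, see BUG=100442: wildcard spans a registry-controlled suffix; this records current behaviour, not the intended policy.` The commit message gives no reason for reverting 107075, so the condition for restoring the stricter cases should presumably be noted on that bug as well. The kNameVerifyTestData array begins and ends outside these hunks.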
@@ -1346,9 +1338,6 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = {
 { false, "example.com.", "*.com" },
 { false, "example.com.", "*.com." },
 { false, "foo.", "*." },
- { false, "foo", "*." },
- { false, "foo.co.uk", "*.co.uk." },
- { false, "foo.co.uk.", "*.co.uk." },
 // IP addresses in common name; IPv4 only.
 { true, "127.0.0.1", "127.0.0.1" },
 { true, "192.168.1.1", "192.168.1.1" },
|