Properly parse IPv6 subjectAltNames when USE_OPENSSL is set

BUG=121153 TEST=X509CertificateTest.ParseSubjectAltName R=agl@chromium.org Review URL: https://chromiumcodereview.appspot.com/9950065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130663 0039d316-1c4b-4281-b951-d872f2087c98
author: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-04-04 17:27:20 +0000
committer: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-04-04 17:27:20 +0000
commit: 01c8ebcb13995fa41b9e08fb415ae78a3861f926 (patch)
tree: 2da882c3fb0d97a374f8e9b0d608600971d74890 /net/data
parent: 97593f56bad955f23fb4a917cd0450506d7abd87 (diff)
download: chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.zip
chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.tar.gz
chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.tar.bz2
3 files changed, 75 insertions, 0 deletions
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README
index 2aedd66..c5b0290 100644
--- a/net/data/ssl/certificates/README
+++ b/net/data/ssl/certificates/README
@@ -110,3 +110,10 @@ unit tests.
 
 - ocsp-test-root.pem : A root certificate for the code in
       net/tools/testserver/minica.py
+
+- subjectAltName_sanity_check.pem : Used to test the handling of various types
+     within the subjectAltName extension of a certificate. Generated by using
+     the command
+     "openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \
+          -config ../scripts/ee.cnf -newkey rsa:1024 -text \
+          -out subjectAltName_sanity_check.pem"
diff --git a/net/data/ssl/certificates/subjectAltName_sanity_check.pem b/net/data/ssl/certificates/subjectAltName_sanity_check.pem
new file mode 100644
index 0000000..46cf58d
--- /dev/null
+++ b/net/data/ssl/certificates/subjectAltName_sanity_check.pem
@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f2:f1:e7:8b:cf:09:30:f1
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
+        Validity
+            Not Before: Apr  3 00:46:54 2012 GMT
+            Not After : Apr  1 00:46:54 2022 GMT
+        Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:0e:13:bb:da:d5:5a:d4:68:a2:11:90:ae:c3:
+                    b3:f9:72:52:7d:e9:73:5c:49:60:ef:d3:49:05:9a:
+                    c7:4e:01:4f:b0:c8:4c:18:34:2f:7b:84:27:ad:94:
+                    12:9b:e7:3d:38:6b:49:15:55:f6:c7:3a:8d:03:ec:
+                    3e:59:90:5c:b9:a6:41:af:f0:12:b8:87:b9:54:4d:
+                    1e:18:ba:41:96:d0:f3:bb:a0:d6:80:8e:29:10:72:
+                    eb:3c:4c:c0:e2:f7:d8:61:2f:d8:63:c7:a7:79:f5:
+                    74:e0:2a:f0:5d:3e:eb:a2:36:09:4b:5d:35:31:56:
+                    1c:86:0e:8a:22:ad:1b:3f:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                IP Address:127.0.0.2, IP Address:FE80:0:0:0:0:0:0:1, DNS:test.example, email:test@test.example, othername:<unsupported>, DirName:/CN=127.0.0.3
+    Signature Algorithm: sha1WithRSAEncryption
+        32:46:49:70:be:e4:db:05:0e:7e:7a:e4:ea:5c:90:c6:4c:65:
+        2d:03:ac:fb:d1:de:e4:26:e5:83:dc:5a:c8:4f:ff:b5:10:4e:
+        39:21:7f:c8:37:f3:c6:7a:de:96:b3:30:e7:c7:87:6d:75:1e:
+        14:30:17:6b:d2:76:0b:b8:43:39:c4:63:4c:50:8e:e1:0f:09:
+        ff:6c:7d:ab:c8:97:46:e8:04:70:9d:f5:e5:8c:b6:8c:b7:3d:
+        8e:0f:59:1f:6a:fd:03:c2:be:a1:40:b7:9b:38:ca:55:f5:18:
+        c3:0d:35:01:12:a0:8d:ba:1b:41:a3:6e:68:8c:cf:52:f9:96:
+        90:64
+-----BEGIN CERTIFICATE-----
+MIICsDCCAhmgAwIBAgIJAPLx54vPCTDxMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
+aWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMTIw
+NDAzMDA0NjU0WhcNMjIwNDAxMDA0NjU0WjBgMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwH
+VGVzdCBDQTESMBAGA1UEAwwJMTI3LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDIDhO72tVa1GiiEZCuw7P5clJ96XNcSWDv00kFmsdOAU+wyEwYNC97
+hCetlBKb5z04a0kVVfbHOo0D7D5ZkFy5pkGv8BK4h7lUTR4YukGW0PO7oNaAjikQ
+cus8TMDi99hhL9hjx6d59XTgKvBdPuuiNglLXTUxVhyGDooirRs/JwIDAQABo3Iw
+cDBuBgNVHREEZzBlhwR/AAAChxD+gAAAAAAAAAAAAAAAAAABggx0ZXN0LmV4YW1w
+bGWBEXRlc3RAdGVzdC5leGFtcGxloBIGAyoDBKALDAlpZ25vcmUgbWWkFjAUMRIw
+EAYDVQQDDAkxMjcuMC4wLjMwDQYJKoZIhvcNAQEFBQADgYEAMkZJcL7k2wUOfnrk
+6lyQxkxlLQOs+9He5Cblg9xayE//tRBOOSF/yDfzxnrelrMw58eHbXUeFDAXa9J2
+C7hDOcRjTFCO4Q8J/2x9q8iXRugEcJ315Yy2jLc9jg9ZH2r9A8K+oUC3mzjKVfUY
+ww01ARKgjbobQaNuaIzPUvmWkGQ=
+-----END CERTIFICATE-----
diff --git a/net/data/ssl/scripts/ee.cnf b/net/data/ssl/scripts/ee.cnf
index 76e5ff6..8f14539 100644
--- a/net/data/ssl/scripts/ee.cnf
+++ b/net/data/ssl/scripts/ee.cnf
@@ -16,3 +16,17 @@ CN = 127.0.0.1
 
 [req_extensions]
 subjectAltName = IP:127.0.0.1
+
+[req_san_sanity]
+subjectAltName = @san_sanity
+
+[san_sanity]
+IP.1  = 127.0.0.2
+IP.2  = FE80::1
+DNS = test.example
+email = test@test.example
+otherName = 1.2.3.4;UTF8:ignore me
+dirName = more_san_sanity
+
+[more_san_sanity]
+CN=127.0.0.3
author	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-04-04 17:27:20 +0000
committer	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-04-04 17:27:20 +0000
commit	01c8ebcb13995fa41b9e08fb415ae78a3861f926 (patch)
tree	2da882c3fb0d97a374f8e9b0d608600971d74890 /net/data
parent	97593f56bad955f23fb4a917cd0450506d7abd87 (diff)
download	chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.zip chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.tar.gz chromium_src-01c8ebcb13995fa41b9e08fb415ae78a3861f926.tar.bz2