author | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-01 10:10:16 +0000 |
---|---|---|
committer | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-01 10:10:16 +0000 |
commit | 3d0f06036817faf81e5151be967c05c5b41eca0e (patch) | |
tree | 6487458f9e36436272e29d54751aaae54186c3c0 /net | |
parent | fb66d370d366c95143b0be820751e512ed09791e (diff) | |
Fix X509CertificateTest.SerialNumbers on OpenSSL builds after http://crrev.com/107956
BUG=none
TEST=X509CertificateTest.SerialNumbers no longer failing on http://build.chromium.org/p/chromium.fyi/builders/Chromium%20Linux%20Redux
Review URL: http://codereview.chromium.org/8432026
Patch from Ryan Sleevi <rsleevi@chromium.org>.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108088 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/x509_certificate_openssl.cc | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 5880911..8583e4d 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -17,6 +17,7 @@
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
+#include "base/string_util.h"
 #include "crypto/openssl_util.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
@@ -327,11 +328,19 @@ void X509Certificate::Initialize() {
 fingerprint_ = CalculateFingerprint(cert_handle_);
 chain_fingerprint_ = CalculateChainFingerprint();
- ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_);
- if (num) {
- serial_number_ = std::string(
- reinterpret_cast<char*>(num->data),
- num->length);
+ ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_);
+ if (serial_num) {
+ // ASN1_INTEGERS represent the decoded number, in a format internal to
+ // OpenSSL. Most notably, this may have leading zeroes stripped off for
+ // numbers whose first byte is >= 0x80. Thus, it is necessary to
+ // re-encoded the integer back into DER, which is what the interface
+ // of X509Certificate exposes, to ensure callers get the proper (DER)
+ // value.
+ int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
+ unsigned char* buffer = reinterpret_cast<unsigned char*>(
+ WriteInto(&serial_number_, bytes_required + 1));
+ int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
+ DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
 }
 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); |
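Review bot: The sizing call `i2c_ASN1_INTEGER(serial_num, NULL)` in the second hunk is used unchecked: its `int` result goes straight into `WriteInto(&serial_number_, bytes_required + 1)`. A zero or negative return would give the second call an empty or wrongly sized buffer to write into; I would expect that only on an encoding failure, which is worth confirming against the OpenSSL version in use. The only consistency check is `DCHECK_EQ`, which is compiled out of release builds, while the serial number comes from certificate data that has not been validated at this point. Consider guarding the re-encode with `if (bytes_required > 0) { ... }` and calling `serial_number_.clear()` when `bytes_written` does not match, rather than leaving a partially written value. Initialize() begins and ends outside this hunk, so any existing error path is not visible here.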