2 files changed, 18 insertions, 4 deletions

diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc
index 2b790a7..63205ff 100644
--- a/chrome/common/net/x509_certificate_model_nss.cc
+++ b/chrome/common/net/x509_certificate_model_nss.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -125,10 +125,13 @@ string GetTokenName(X509Certificate::OSCertHandle cert_handle) {
 }
 
 string GetVersion(X509Certificate::OSCertHandle cert_handle) {
-  unsigned long version = ULONG_MAX;
-  if (SEC_ASN1DecodeInteger(&cert_handle->version, &version) == SECSuccess &&
-      version != ULONG_MAX)
+  // If the version field is omitted from the certificate, the default
+  // value is v1(0).
+  unsigned long version = 0;
+  if (cert_handle->version.len == 0 ||
+      SEC_ASN1DecodeInteger(&cert_handle->version, &version) == SECSuccess) {
     return base::UintToString(version + 1);
+  }
   return "";
 }
 
diff --git a/chrome/common/net/x509_certificate_model_unittest.cc b/chrome/common/net/x509_certificate_model_unittest.cc
index 233475e..0178f09 100644
--- a/chrome/common/net/x509_certificate_model_unittest.cc
+++ b/chrome/common/net/x509_certificate_model_unittest.cc
@@ -71,3 +71,14 @@ TEST(X509CertificateModelTest, GetTypeServer) {
             x509_certificate_model::GetType(cert->os_cert_handle()));
 #endif
 }
+
+// An X.509 v1 certificate with the version field omitted should get
+// the default value v1.
+TEST(X509CertificateModelTest, GetVersionOmitted) {
+  scoped_refptr<net::X509Certificate> cert(
+      net::ImportCertFromFile(net::GetTestCertsDirectory(),
+                              "ndn.ca.crt"));
+  ASSERT_TRUE(cert.get());
+
+  EXPECT_EQ("1", x509_certificate_model::GetVersion(cert->os_cert_handle()));
+}