Google Git
Sign in
boringssl / boringssl.git / 535cc391915c37912ff9b3edb0cff9b3c5c77db0^! / .
commit535cc391915c37912ff9b3edb0cff9b3c5c77db0[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Jun 18 18:22:26 2025 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Jun 24 14:36:49 2025 -0700
tree6139194fb4f4b8c7352b54b9d68aeff552cd43b5
parentf6ae76d2d8f90c621e2907ed12b03a40ce88fd0e [diff]
runner: Remove Leaf field from Credential

This field is unused and already wasn't filled in with
garbageCertificate. Removing it also makes it more obvious that runner
does not actually care if it can parse its own certificate.

Change-Id: I788a6f6fe8784579d03c1c4023728b5ca77c3f88
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/79911
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index ce20da5..5cc14cc 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -2367,11 +2367,6 @@
 	// SignatureAlgorithms, if not nil, overrides the default set of
 	// supported signature algorithms to sign with.
 	SignatureAlgorithms []signatureAlgorithm
-	// Leaf is the parsed form of the leaf certificate, which may be
-	// initialized using x509.ParseCertificate to reduce per-handshake
-	// processing for TLS clients doing client authentication. If nil, the
-	// leaf certificate will be parsed as needed.
-	Leaf *x509.Certificate
 	// DelegatedCredential is the delegated credential to use
 	// with the certificate.
 	DelegatedCredential []byte
@@ -2664,7 +2659,6 @@
 		Certificate:     [][]byte{cert.Raw},
 		RootCertificate: cert.Raw,
 		PrivateKey:      key,
-		Leaf:            cert,
 		ChainPath:       tmpCertPath,
 		KeyPath:         tmpKeyPath,
 		RootPath:        tmpCertPath,

diff --git a/ssl/test/runner/delegated_credential_tests.go b/ssl/test/runner/delegated_credential_tests.go
index 84506a5..038ad0e 100644
--- a/ssl/test/runner/delegated_credential_tests.go
+++ b/ssl/test/runner/delegated_credential_tests.go

@@ -100,7 +100,8 @@
 	addUint24LengthPrefixedBytes(dc, pubBytes)
 
 	var dummyConfig Config
-	parentSignature, err := signMessage(false /* server */, VersionTLS13, parent.PrivateKey, &dummyConfig, config.algo, delegatedCredentialSignedMessage(dc.BytesOrPanic(), config.algo, parent.Leaf.Raw))
+	msg := delegatedCredentialSignedMessage(dc.BytesOrPanic(), config.algo, parent.Certificate[0])
+	parentSignature, err := signMessage(false /* server */, VersionTLS13, parent.PrivateKey, &dummyConfig, config.algo, msg)
 	if err != nil {
 		panic(err)
 	}

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 0e6b496..35448ff 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -261,7 +261,6 @@
 		Certificate:     [][]byte{leafCert.Raw, intermediateCert.Raw},
 		RootCertificate: rootCert.Raw,
 		PrivateKey:      &rsa2048Key,
-		Leaf:            leafCert,
 		ChainPath:       chainPath,
 		KeyPath:         keyPath,
 		RootPath:        rootCertPath,