commit 407a10cf433b8f8177b8fa7a933e29a965569039
author David Benjamin <davidben@chromium.org> Wed Jul 16 12:58:59 2014 -0400
committer Adam Langley <agl@google.com> Wed Jul 16 17:07:15 2014 +0000
tree 0d72d1553e905776d2bd81a713b49b45c605d041
parent 0cc81ff04f7364183f97ce2ca573a56fbfe3d156

Fix parsing of CertificateRequests.

Got one of the conditions flipped.

Change-Id: I327a9c13e42865459e8d69a431b0d3a2bc6b54a5
Reviewed-on: https://boringssl-review.googlesource.com/1210
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/runner.go

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3d94d1b..e025859 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2,6 +2,7 @@
 
 import (
 	"bytes"
+	"crypto/x509"
 	"flag"
 	"fmt"
 	"io"
@@ -530,6 +531,15 @@
 }
 
 func addClientAuthTests() {
+	// Add a dummy cert pool to stress certificate authority parsing.
+	// TODO(davidben): Add tests that those values parse out correctly.
+	certPool := x509.NewCertPool()
+	cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
+	if err != nil {
+		panic(err)
+	}
+	certPool.AddCert(cert)
+
 	for _, ver := range tlsVersions {
 		if ver.version == VersionSSL30 {
 			// TODO(davidben): The Go implementation does not
@@ -553,6 +563,7 @@
 				MaxVersion:   ver.version,
 				CipherSuites: cipherSuites,
 				ClientAuth:   RequireAnyClientCert,
+				ClientCAs:    certPool,
 			},
 			flags: []string{
 				"-cert-file", rsaCertificateFile,
@@ -567,6 +578,7 @@
 				MaxVersion:   ver.version,
 				CipherSuites: cipherSuites,
 				ClientAuth:   RequireAnyClientCert,
+				ClientCAs:    certPool,
 			},
 			flags: []string{
 				"-cert-file", ecdsaCertificateFile,