Fix parsing of CertificateRequests.
Got one of the conditions flipped.
Change-Id: I327a9c13e42865459e8d69a431b0d3a2bc6b54a5
Reviewed-on: https://boringssl-review.googlesource.com/1210
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3d94d1b..e025859 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2,6 +2,7 @@
import (
"bytes"
+ "crypto/x509"
"flag"
"fmt"
"io"
@@ -530,6 +531,15 @@
}
func addClientAuthTests() {
+ // Add a dummy cert pool to stress certificate authority parsing.
+ // TODO(davidben): Add tests that those values parse out correctly.
+ certPool := x509.NewCertPool()
+ cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
+ if err != nil {
+ panic(err)
+ }
+ certPool.AddCert(cert)
+
for _, ver := range tlsVersions {
if ver.version == VersionSSL30 {
// TODO(davidben): The Go implementation does not
@@ -553,6 +563,7 @@
MaxVersion: ver.version,
CipherSuites: cipherSuites,
ClientAuth: RequireAnyClientCert,
+ ClientCAs: certPool,
},
flags: []string{
"-cert-file", rsaCertificateFile,
@@ -567,6 +578,7 @@
MaxVersion: ver.version,
CipherSuites: cipherSuites,
ClientAuth: RequireAnyClientCert,
+ ClientCAs: certPool,
},
flags: []string{
"-cert-file", ecdsaCertificateFile,