Allow unknown/unsupported SANs in CertificateView
PiperOrigin-RevId: 313450034
diff --git a/quic/core/crypto/certificate_view.cc b/quic/core/crypto/certificate_view.cc
index 0f17d12..96486c3 100644
--- a/quic/core/crypto/certificate_view.cc
+++ b/quic/core/crypto/certificate_view.cc
@@ -306,8 +306,8 @@
break;
default:
- QUIC_DLOG(WARNING) << "Invalid subjectAltName tag";
- return false;
+ QUIC_DLOG(INFO) << "Unknown subjectAltName tag " << alt_name_tag;
+ continue;
}
}
}
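Review bot: The `default:` branch now skips every tag it does not recognise, so besides the valid but unsupported GeneralName choices (otherName, rfc822Name, URI, …) it also accepts tags that are not GeneralName choices at all. A malformed SAN entry is therefore accepted with nothing more than a `QUIC_DLOG(INFO)` line. If that leniency is intended, state it in a comment such as `// Valid GeneralName forms we do not use (e.g. rfc822Name, URI) are skipped, not rejected.`; otherwise keep `return false` for tags outside the context-specific [0]–[8] range. A certificate whose SAN holds only unsupported entries now parses with empty name lists, so hostname-matching callers (not visible here) should be confirmed to treat that as no match rather than falling back to something weaker. The enclosing function starts outside this hunk.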
diff --git a/quic/core/crypto/certificate_view_test.cc b/quic/core/crypto/certificate_view_test.cc
index b0b52f1..833351c 100644
--- a/quic/core/crypto/certificate_view_test.cc
+++ b/quic/core/crypto/certificate_view_test.cc
@@ -47,6 +47,17 @@
EXPECT_EQ(EVP_PKEY_id(view->public_key()), EVP_PKEY_RSA);
}
+TEST(CertificateViewTest, ParseCertWithUnknownSanType) {
+ std::stringstream stream(kTestCertWithUnknownSanTypePem);
+ PemReadResult result = ReadNextPemMessage(&stream);
+ EXPECT_EQ(result.status, PemReadResult::kOk);
+ EXPECT_EQ(result.type, "CERTIFICATE");
+
+ std::unique_ptr<CertificateView> view =
+ CertificateView::ParseSingleCertificate(result.contents);
+ EXPECT_TRUE(view != nullptr);
+}
+
TEST(CertificateViewTest, PemSingleCertificate) {
std::stringstream pem_stream(kTestCertificatePem);
std::vector<std::string> chain =
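Review bot: `ParseCertWithUnknownSanType` only asserts `view != nullptr`, so it would still pass if the parser dropped the supported SAN entries along with the unknown one, or stopped iterating at it. Assert the view's parsed DNS/IP SAN lists against what the fixture certificate contains, and switch to `ASSERT_TRUE(view != nullptr);` so those follow-up checks cannot dereference a null view. Likewise, `EXPECT_EQ(result.status, PemReadResult::kOk);` lets a failed PEM read continue into `ParseSingleCertificate(result.contents)`; `ASSERT_EQ` would stop the test at the real failure. The trailing context lines belong to the next test, which continues outside the hunk.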
diff --git a/quic/test_tools/test_certificates.cc b/quic/test_tools/test_certificates.cc
index 2a733b4..d179d00 100644
--- a/quic/test_tools/test_certificates.cc
+++ b/quic/test_tools/test_certificates.cc
@@ -249,6 +249,34 @@
Cmn1Mj4hQ+pT0t+pw/DMOw==
-----END CERTIFICATE-----)";
+QUIC_CONST_INIT const char kTestCertWithUnknownSanTypePem[] =
+ R"(-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----)";
+
QUIC_CONST_INIT const char kTestCertificatePrivateKeyRaw[] = {
'\x30', '\x82', '\x04', '\xbc', '\x02', '\x01', '\x00', '\x30', '\x0d',
'\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01',
diff --git a/quic/test_tools/test_certificates.h b/quic/test_tools/test_certificates.h
index ec4a4d4..e7d3035 100644
--- a/quic/test_tools/test_certificates.h
+++ b/quic/test_tools/test_certificates.h
@@ -20,6 +20,10 @@
// |kTestCertificatePem| with a PEM-encoded root appended to the end.
QUIC_CONST_INIT extern const char kTestCertificateChainPem[];
+// PEM-encoded certificate that contains a subjectAltName with an
+// unknown/unsupported type.
+QUIC_CONST_INIT extern const char kTestCertWithUnknownSanTypePem[];
+
// DER-encoded private key for |kTestCertificate|.
QUIC_CONST_INIT extern const quiche::QuicheStringPiece
kTestCertificatePrivateKey;