Allow unknown/unsupported SANs in CertificateView PiperOrigin-RevId: 313450034
diff --git a/quic/core/crypto/certificate_view.cc b/quic/core/crypto/certificate_view.cc
index 0f17d12..96486c3 100644
--- a/quic/core/crypto/certificate_view.cc
+++ b/quic/core/crypto/certificate_view.cc
@@ -306,8 +306,8 @@ break; default: - QUIC_DLOG(WARNING) << "Invalid subjectAltName tag"; - return false; + QUIC_DLOG(INFO) << "Unknown subjectAltName tag " << alt_name_tag; + continue; } } }
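Review bot: The new `default:` branch skips a SAN entry without recording that anything was skipped, so a certificate whose subjectAltName holds only unsupported types now parses into a view with no usable names, and nothing in this hunk says how callers should treat that. Hostname matching presumably lives outside this hunk; it should treat such a view as matching no name rather than falling back to the subject CN, and a comment here would pin that down, e.g. `// Unsupported GeneralName types are skipped, not rejected; they never contribute a matchable name.` Separately, `continue;` jumps to the enclosing loop while the sibling case ends with `break;`; since the switch's closing brace is directly followed by the loop's, `break;` would behave the same and read more consistently. The switch and its loop begin outside the hunk.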
diff --git a/quic/core/crypto/certificate_view_test.cc b/quic/core/crypto/certificate_view_test.cc
index b0b52f1..833351c 100644
--- a/quic/core/crypto/certificate_view_test.cc
+++ b/quic/core/crypto/certificate_view_test.cc
@@ -47,6 +47,17 @@ EXPECT_EQ(EVP_PKEY_id(view->public_key()), EVP_PKEY_RSA); } +TEST(CertificateViewTest, ParseCertWithUnknownSanType) { + std::stringstream stream(kTestCertWithUnknownSanTypePem); + PemReadResult result = ReadNextPemMessage(&stream); + EXPECT_EQ(result.status, PemReadResult::kOk); + EXPECT_EQ(result.type, "CERTIFICATE"); + + std::unique_ptr<CertificateView> view = + CertificateView::ParseSingleCertificate(result.contents); + EXPECT_TRUE(view != nullptr); +} + TEST(CertificateViewTest, PemSingleCertificate) { std::stringstream pem_stream(kTestCertificatePem); std::vector<std::string> chain =
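Review bot: `ParseCertWithUnknownSanType` only checks that parsing succeeds, so it would still pass if the parser stopped collecting names at the first unknown entry. The fixture's SAN extension appears (from decoding its base64) to hold a URI entry followed by the DNS names lyft.com and www.lyft.com, so asserting those names would show that known entries after a skipped one are kept, e.g. `EXPECT_THAT(view->subject_alt_name_domains(), ElementsAre("lyft.com", "www.lyft.com"));`, assuming the view exposes its DNS names through an accessor of that name, which this hunk does not show. With a dereference added, the null check should become `ASSERT_TRUE(view != nullptr);`, and the status check that precedes the use of `result.contents` could likewise be `ASSERT_EQ`.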
diff --git a/quic/test_tools/test_certificates.cc b/quic/test_tools/test_certificates.cc
index 2a733b4..d179d00 100644
--- a/quic/test_tools/test_certificates.cc
+++ b/quic/test_tools/test_certificates.cc
@@ -249,6 +249,34 @@ Cmn1Mj4hQ+pT0t+pw/DMOw== -----END CERTIFICATE-----)"; +QUIC_CONST_INIT const char kTestCertWithUnknownSanTypePem[] = + R"(-----BEGIN CERTIFICATE----- +MIIEYTCCA0mgAwIBAgIJAILStmLgUUcVMA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp +c2NvMQ0wCwYDVQQKDARMeWZ0MRkwFwYDVQQLDBBMeWZ0IEVuZ2luZWVyaW5nMRAw +DgYDVQQDDAdUZXN0IENBMB4XDTE4MTIxNzIwMTgwMFoXDTIwMTIxNjIwMTgwMFow +gaYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1T +YW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARMeWZ0MRkwFwYDVQQLDBBMeWZ0IEVuZ2lu +ZWVyaW5nMRowGAYDVQQDDBFUZXN0IEJhY2tlbmQgVGVhbTEkMCIGCSqGSIb3DQEJ +ARYVYmFja2VuZC10ZWFtQGx5ZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuvPdQdmwZongPAgQho/Vipd3PZWrQ6BKxIb4l/RvqtVP321IUTLs +4vVwpXoYJ+12L+XOO3jCInszs53tHjFpTI1GE8/sasmgR6LRr2krwSoVRHPqUoc9 +tzkDG1SzKP2TRTi1MTI3FO+TnLFahntO9Zstxhv1Epz5GZ/xQLE0/LLoRYzcynL/ +iflk18iL1KM8i0Hy4cKjclOaUdnh2nh753iJfxCSb5wJfx4FH1qverYHHT6FopYR +V40Cg0yYXcYo8yNwrg+EBY8QAT2JOMDokXNKbZpmVKiBlh0QYMX6BBiW249v3sYl +3Ve+fZvCkle3W0xP0xJw8PdX0NRbvGOrBQIDAQABo4HAMIG9MAwGA1UdEwEB/wQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBB +BgNVHREEOjA4hh5zcGlmZmU6Ly9seWZ0LmNvbS9iYWNrZW5kLXRlYW2CCGx5ZnQu +Y29tggx3d3cubHlmdC5jb20wHQYDVR0OBBYEFLHmMm0DV9jCHJSWVRwyPYpBw62r +MB8GA1UdIwQYMBaAFBQz1vaSbPuePL++7GTMqLAMtk3kMA0GCSqGSIb3DQEBCwUA +A4IBAQAwx3/M2o00W8GlQ3OT4y/hQGb5K2aytxx8QeSmJaaZTJbvaHhe0x3/fLgq +uWrW3WEWFtwasilySjOrFOtB9UNmJmNOHSJD3Bslbv5htRaWnoFPCXdwZtVMdoTq +IHIQqLoos/xj3kVD5sJSYySrveMeKaeUILTkb5ZubSivye1X2yiJLR7AtuwuiMio +CdIOqhn6xJqYhT7z0IhdKpLNPk4w1tBZSKOXqzrXS4uoJgTC67hWslWWZ2VC6IvZ +FmKuuGZamCCj6F1QF2IjMVM8evl84hEnN0ajdkA/QWnil9kcWvBm15Ho+oTvvJ7s +M8MD3RDSq/90FSiME4vbyNEyTmj0 +-----END CERTIFICATE-----)"; + QUIC_CONST_INIT const char kTestCertificatePrivateKeyRaw[] = { '\x30', '\x82', '\x04', '\xbc', '\x02', '\x01', '\x00', '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01',
diff --git a/quic/test_tools/test_certificates.h b/quic/test_tools/test_certificates.h
index ec4a4d4..e7d3035 100644
--- a/quic/test_tools/test_certificates.h
+++ b/quic/test_tools/test_certificates.h
@@ -20,6 +20,10 @@ // |kTestCertificatePem| with a PEM-encoded root appended to the end. QUIC_CONST_INIT extern const char kTestCertificateChainPem[]; +// PEM-encoded certificate that contains a subjectAltName with an +// unknown/unsupported type. +QUIC_CONST_INIT extern const char kTestCertWithUnknownSanTypePem[]; + // DER-encoded private key for |kTestCertificate|. QUIC_CONST_INIT extern const quiche::QuicheStringPiece kTestCertificatePrivateKey;