Don't depend on crypto/x509 in ssl_server_socket_unittest.
This doesn't particularly matter, but if we ever split the libraries up
for enforcement, we'll want the dependencies out.
The name of the issuing cert isn't going to change, so just hard-code it
in the test. The ClientCertStore tests already do this and I'm not sure
this field is used at all anyway.
Bug: 706445
Change-Id: I780002ae90c9668507fba64a5c3acf0139c7bfe0
Reviewed-on: https://chromium-review.googlesource.com/690159
Reviewed-by: Matt Mueller <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/master@{#505125}diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index d493079..e6e6bbc 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -71,7 +71,6 @@
#include "testing/platform_test.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
-#include "third_party/boringssl/src/include/openssl/x509.h"
using net::test::IsError;
using net::test::IsOk;
@@ -84,7 +83,6 @@
const char kClientPrivateKeyFileName[] = "client_1.pk8";
const char kWrongClientCertFileName[] = "client_2.pem";
const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
-const char kClientCertCAFileName[] = "client_1_ca.pem";
class MockCTPolicyEnforcer : public CTPolicyEnforcer {
public:
@@ -435,22 +433,12 @@
server_ssl_config_.client_cert_type =
SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
- bssl::UniquePtr<STACK_OF(X509_NAME)> cert_names(
- SSL_load_client_CA_file(GetTestCertsDirectory()
- .AppendASCII(kClientCertCAFileName)
- .MaybeAsASCII()
- .c_str()));
- ASSERT_TRUE(cert_names);
-
- for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
- uint8_t* str = nullptr;
- int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
- ASSERT_LT(0, length);
-
- server_ssl_config_.cert_authorities_.push_back(std::string(
- reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
- OPENSSL_free(str);
- }
+ // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
+ static const uint8_t kClientCertCAName[] = {
+ 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
+ server_ssl_config_.cert_authorities_.push_back(std::string(
+ std::begin(kClientCertCAName), std::end(kClientCertCAName)));
scoped_refptr<X509Certificate> expected_client_cert(
ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
