Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 9b885c5d0fe1a89b2063654dbdd0faf2a6c076fd^! / . / ssl / test / runner / runner.go
commit9b885c5d0fe1a89b2063654dbdd0faf2a6c076fd[log] [tgz]
authorAdam Langley <agl@google.com>Fri Nov 18 14:21:03 2016 -0800
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Sat Nov 19 00:24:18 2016 +0000
treeb2b7a2166c7e65f926db50407e6e0268259476cb
parent6f5f49f33d88f446f7f690bf991e835d5137af6c [diff] [blame]
Don't allow invalid SCT lists to be set.

This change causes SSL_CTX_set_signed_cert_timestamp_list to check the
SCT list for shallow validity before allowing it to be set.

Change-Id: Ib8a1fe185224ff02ed4ce53a0109e60d934e96b3
Reviewed-on: https://boringssl-review.googlesource.com/12401
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6c0cd57..683f07c 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -5560,6 +5560,17 @@
 		shouldFail:    true,
 		expectedError: ":DUPLICATE_EXTENSION:",
 	})
+
+	testCases = append(testCases, testCase{
+		name:     "SignedCertificateTimestampListInvalid-Server",
+		testType: serverTest,
+		flags: []string{
+			"-signed-cert-timestamps",
+			base64.StdEncoding.EncodeToString([]byte{0, 0}),
+		},
+		shouldFail: true,
+		expectedError: ":INVALID_SCT_LIST:",
+	})
 }
 
 func addResumptionVersionTests() {