Diffstat (limited to 'src/crypto/x509/x509_test.go')
-rw-r--r-- | src/crypto/x509/x509_test.go | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index b085dad90f..5e81e9ff5a 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -518,74 +518,6 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
 }
 }
 
-func TestUnknownCriticalExtension(t *testing.T) {
- priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- t.Fatalf("Failed to generate ECDSA key: %s", err)
- }
-
- oids := []asn1.ObjectIdentifier{
- // This OID is in the PKIX arc, but unknown.
- {2, 5, 29, 999999},
- // This is a nonsense, unassigned OID.
- {1, 2, 3, 4},
- }
-
- for _, oid := range oids {
- template := Certificate{
- SerialNumber: big.NewInt(1),
- Subject: pkix.Name{
- CommonName: "foo",
- },
- NotBefore: time.Unix(1000, 0),
- NotAfter: time.Now().AddDate(1, 0, 0),
-
- BasicConstraintsValid: true,
- IsCA: true,
-
- KeyUsage: KeyUsageCertSign,
- ExtKeyUsage: []ExtKeyUsage{ExtKeyUsageServerAuth},
-
- ExtraExtensions: []pkix.Extension{
- {
- Id: oid,
- Critical: true,
- Value: nil,
- },
- },
- }
-
- derBytes, err := CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
- if err != nil {
- t.Fatalf("failed to create certificate: %s", err)
- }
-
- cert, err := ParseCertificate(derBytes)
- if err != nil {
- t.Fatalf("Certificate with unknown critical extension was not parsed: %s", err)
- }
-
- roots := NewCertPool()
- roots.AddCert(cert)
-
- // Setting Roots ensures that Verify won't delegate to the OS
- // library and thus the correct error should always be
- // returned.
- _, err = cert.Verify(VerifyOptions{Roots: roots})
- if err == nil {
- t.Fatal("Certificate with unknown critical extension was verified without error")
- }
- if _, ok := err.(UnhandledCriticalExtension); !ok {
- t.Fatalf("Error was %#v, but wanted one of type UnhandledCriticalExtension", err)
- }
-
- cert.UnhandledCriticalExtensions = nil
- if _, err = cert.Verify(VerifyOptions{Roots: roots}); err != nil {
- t.Errorf("Certificate failed to verify after unhandled critical extensions were cleared: %s", err)
- }
- }
-}
-
 // Self-signed certificate using ECDSA with SHA1 & secp256r1
 var ecdsaSHA1CertPem = `
 -----BEGIN CERTIFICATE----- |