Don't depend on crypto/x509 in ssl_server_socket_unittest.

This doesn't particularly matter, but if we ever split the libraries up for enforcement, we'll want the dependencies out. The name of the issuing cert isn't going to change, so just hard-code it in the test. The ClientCertStore tests already do this and I'm not sure this field is used at all anyway. Bug: 706445 Change-Id: I780002ae90c9668507fba64a5c3acf0139c7bfe0 Reviewed-on: https://chromium-review.googlesource.com/690159Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#505125}

Don't depend on crypto/x509 in ssl_server_socket_unittest.
This doesn't particularly matter, but if we ever split the libraries up for enforcement, we'll want the dependencies out. The name of the issuing cert isn't going to change, so just hard-code it in the test. The ClientCertStore tests already do this and I'm not sure this field is used at all anyway. Bug: 706445 Change-Id: I780002ae90c9668507fba64a5c3acf0139c7bfe0 Reviewed-on: https://chromium-review.googlesource.com/690159Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#505125}
99dada21 · David Benjamin · Commit Bot · dfe573b3 · 99dada21
Commit 99dada21 authored Sep 28, 2017 by David Benjamin Committed by Commit Bot Sep 28, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 18 deletions

net/socket/ssl_server_socket_unittest.cc net/socket/ssl_server_socket_unittest.cc +6 -18

No files found.
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -71,7 +71,6 @@
 #include "testing/platform_test.h"
 #include "third_party/boringssl/src/include/openssl/evp.h"
 #include "third_party/boringssl/src/include/openssl/ssl.h"
-#include "third_party/boringssl/src/include/openssl/x509.h"

 using net::test::IsError;
 using net::test::IsOk;
@@ -84,7 +83,6 @@ const char kClientCertFileName[] = "client_1.pem";
 const char kClientPrivateKeyFileName[] = "client_1.pk8";
 const char kWrongClientCertFileName[] = "client_2.pem";
 const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
-const char kClientCertCAFileName[] = "client_1_ca.pem";

 class MockCTPolicyEnforcer : public CTPolicyEnforcer {
 public:
@@ -435,22 +433,12 @@ class SSLServerSocketTest : public PlatformTest {
    server_ssl_config_.client_cert_type =
        SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;

-    bssl::UniquePtr<STACK_OF(X509_NAME)> cert_names(
-        SSL_load_client_CA_file(GetTestCertsDirectory()
-                                    .AppendASCII(kClientCertCAFileName)
-                                    .MaybeAsASCII()
-                                    .c_str()));
-    ASSERT_TRUE(cert_names);
-
-    for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
-      uint8_t* str = nullptr;
-      int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
-      ASSERT_LT(0, length);
-
-      server_ssl_config_.cert_authorities_.push_back(std::string(
-          reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
-      OPENSSL_free(str);
-    }
+    // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
+    static const uint8_t kClientCertCAName[] = {
+        0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
+        0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
+    server_ssl_config_.cert_authorities_.push_back(std::string(
+        std::begin(kClientCertCAName), std::end(kClientCertCAName)));

    scoped_refptr<X509Certificate> expected_client_cert(
        ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));