bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith

David Keeler 2014-12-08 13:39:19 -08:00
parent 7ec9bbd504
commit c3ba2c1217
2 changed files with 17 additions and 5 deletions


@ -54,14 +54,15 @@ namespace {
// registeredID [8] OBJECT IDENTIFIER }
MOZILLA_PKIX_ENUM_CLASS GeneralNameType : uint8_t
{
// Note that these values are NOT contiguous because directoryName also
// has the der::CONSTRUCTED bit set.
otherName = der::CONTEXT_SPECIFIC | 0,
// Note that these values are NOT contiguous. Some values have the
// der::CONSTRUCTED bit set while others do not.
// (The der::CONSTRUCTED bit is for types where the value is a SEQUENCE.)
otherName = der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 0,
rfc822Name = der::CONTEXT_SPECIFIC | 1,
dNSName = der::CONTEXT_SPECIFIC | 2,
x400Address = der::CONTEXT_SPECIFIC | 3,
x400Address = der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 3,
directoryName = der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 4,
ediPartyName = der::CONTEXT_SPECIFIC | 5,
ediPartyName = der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 5,
uniformResourceIdentifier = der::CONTEXT_SPECIFIC | 6,
iPAddress = der::CONTEXT_SPECIFIC | 7,
registeredID = der::CONTEXT_SPECIFIC | 8,
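Review bot: The parenthetical in the new comment says der::CONSTRUCTED is for types whose value is a SEQUENCE, which does not quite describe directoryName; as I understand RFC 5280, it carries the bit because Name is a CHOICE and is therefore explicitly tagged. I would word it as `// (CONSTRUCTED is set where the implicitly tagged value is a SEQUENCE, and for directoryName, whose Name CHOICE is explicitly tagged.)`. Separately, the code that dispatches on GeneralNameType is not visible in this hunk, so it is worth confirming that an entry carrying one of the old primitive-form tags for otherName, x400Address or ediPartyName is now rejected as malformed rather than silently skipped. The enum body continues past the end of the hunk.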


@ -1438,6 +1438,17 @@ static const CheckCertHostnameParams CHECK_CERT_HOSTNAME_PARAMS[] =
WITH_SAN(ipv4_mapped_ipv6_addr_str, RDN(CN("foo")),
IPAddress(ipv4_addr_bytes),
Result::ERROR_BAD_CERT_DOMAIN),
// Test that the presence of an otherName entry is handled appropriately.
// (The actual value of the otherName entry isn't important - that's not what
// we're testing here.)
WITH_SAN("example.com", ByteString(),
// The tag for otherName is CONTEXT_SPECIFIC | CONSTRUCTED | 0
TLV((2 << 6) | (1 << 5) | 0, ByteString()) + DNSName("example.com"),
Success),
WITH_SAN("example.com", ByteString(),
TLV((2 << 6) | (1 << 5) | 0, ByteString()),
Result::ERROR_BAD_CERT_DOMAIN),
};
ByteString
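Review bot: The two added cases exercise only otherName, but the same commit also changes the tag values of x400Address and ediPartyName. Parallel WITH_SAN entries using `(2 << 6) | (1 << 5) | 3` and `(2 << 6) | (1 << 5) | 5` would cover them. A further entry using the primitive form `(2 << 6) | 0` would pin down which result the name-matching code is expected to return for a mis-encoded otherName. The tag expression is also written out twice as raw shifts; a named constant declared next to the array (suggested name `OTHER_NAME_TAG`, used as `TLV(OTHER_NAME_TAG, ByteString())`) would keep the explanatory comment in one place. The array initializer begins outside the hunk.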