Closed
Bug 1111392
Opened 10 years ago
Closed 10 years ago
Add tests for malformed name constraints when there are no names of the constrained type
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: briansmith, Assigned: briansmith)
References
Details
Attachments
(1 file)
2.85 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Attachment #8536227 -
Flags: review?(dkeeler)
Assignee | ||
Updated•10 years ago
|
Severity: major → minor
Assignee | ||
Updated•10 years ago
|
OS: Windows 8.1 → All
Hardware: x86_64 → All
Comment 1•10 years ago
|
||
Comment on attachment 8536227 [details] [diff] [review]
more-name-constraint-tests.patch
Review of attachment 8536227 [details] [diff] [review]:
-----------------------------------------------------------------
LGTM. Just a couple of questions.
::: security/pkix/test/gtest/pkixnames_tests.cpp
@@ +1754,5 @@
> + // Name constraints for unsupported types of names are ignored when there are
> + // are no names of that type to constrain.
> + { ByteString(), NO_SAN,
> + GeneralSubtree(DNSName("!")),
> + Success, Success
Isn't this the same as the first new test?
@@ +1758,5 @@
> + Success, Success
> + },
> +
> + /////////////////////////////////////////////////////////////////////////////
> + // Name constraints for unsupported types of names guarantee always result in
s/guarantee // ?
@@ +1760,5 @@
> +
> + /////////////////////////////////////////////////////////////////////////////
> + // Name constraints for unsupported types of names guarantee always result in
> + // failure when there are names of that type to constrain.
> +
Are there supposed to be more tests here, or is this just additional documentation for existing tests?
Attachment #8536227 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 2•10 years ago
|
||
(In reply to David Keeler (:keeler) [use needinfo?] from comment #1)
> Isn't this the same as the first new test?
Yes. I removed the redundant copy. Thanks for noticing that.
> > + /////////////////////////////////////////////////////////////////////////////
> > + // Name constraints for unsupported types of names guarantee always result in
>
> s/guarantee // ?
Oops! I overlooked this comment. I will push a fix for this typo.
> > + /////////////////////////////////////////////////////////////////////////////
> > + // Name constraints for unsupported types of names guarantee always result in
> > + // failure when there are names of that type to constrain.
> > +
>
> Are there supposed to be more tests here, or is this just additional
> documentation for existing tests?
I decided to split those tests into a separate patch because they aren't relevant to the RFC 822 name constraint issue like this one is. I forgot to remove that comment, but I've removed the comment. Thanks for noticing this.
https://hg.mozilla.org/integration/mozilla-inbound/rev/64e991d62eeb
Assignee | ||
Comment 3•10 years ago
|
||
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #2)
> > > + /////////////////////////////////////////////////////////////////////////////
> > > + // Name constraints for unsupported types of names guarantee always result in
> >
> > s/guarantee // ?
>
> Oops! I overlooked this comment. I will push a fix for this typo.
Actually, I'll just incorporate that typo fix into the not-yet-pushed patch that will add that comment!
Comment 4•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•