+
+func TestInvalidPolicyOID(t *testing.T) {
+ template := Certificate{
+ SerialNumber: big.NewInt(1),
+ Subject: pkix.Name{CommonName: "Cert"},
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(time.Hour),
+ PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}},
+ Policies: []OID{OID{}},
+ }
+ _, err := CreateCertificate(rand.Reader, &template, &template, rsaPrivateKey.Public(), rsaPrivateKey)
+ expected := "invalid policy object identifier"
+ if err.Error() != expected {
+ t.Fatalf("CreateCertificate() unexpected error: %v, want: %v", err, expected)
+ }
+}