)
considerCandidate := func(certType int, candidate *Certificate) {
- if alreadyInChain(candidate, currentChain) {
+ if candidate.PublicKey == nil || alreadyInChain(candidate, currentChain) {
return
}
}
}
+
+func TestVerifyNilPubKey(t *testing.T) {
+ c := &Certificate{
+ RawIssuer: []byte{1, 2, 3},
+ AuthorityKeyId: []byte{1, 2, 3},
+ }
+ opts := &VerifyOptions{}
+ opts.Roots = NewCertPool()
+ r := &Certificate{
+ RawSubject: []byte{1, 2, 3},
+ SubjectKeyId: []byte{1, 2, 3},
+ }
+ opts.Roots.AddCert(r)
+
+ _, err := c.buildChains([]*Certificate{r}, nil, opts)
+ if _, ok := err.(UnknownAuthorityError); !ok {
+ t.Fatalf("buildChains returned unexpected error, got: %v, want %v", err, UnknownAuthorityError{})
+ }
+}