The original test did not properly test the bugs it fixed (SAN vs. CN)
and violated BoringSSL invariants:

- That SSL_get_peer_certificate works on the pending session before the
  handshake is a weird OpenSSL quirk that may later get fixed in
  BoringSSL. Calling code should not rely on this.
- SSL_SESSION is a private struct and may not be accessed directly by
  callers.
- Callers especially may not mutate private structs. The tests did not
  keep the SSL_SESSION's X509 and CRYPTO_BUFFER fields in sync.

Instead, make an actual connected SSL object and better test the SAN vs.
CN case.

Bug: webrtc:8888
Change-Id: I773508c676e47be12e52a1bd6bd71562f474e09c
Reviewed-on: https://webrtc-review.googlesource.com/73900
Commit-Queue: David Benjamin <davidben@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23129}