net/base/x509_certificate_win.cc - Issue 164115: Treat certificate signatures using weak signature algorithms... - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(135)

My Issues | Starred Open | Closed | All

Unified Diff: net/base/x509_certificate_win.cc

Issue 164115: Treat certificate signatures using weak signature algorithms... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 11 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/base/x509_certificate_win.cc

===================================================================

--- net/base/x509_certificate_win.cc (revision 22579)

+++ net/base/x509_certificate_win.cc (working copy)

@@ -471,6 +471,10 @@

verify_result->cert_status |= MapCertChainErrorStatusToCertStatus(

chain_context->TrustStatus.dwErrorStatus);

+ // Treat certificate signatures using weak signature algorithms as invalid.

+ if (verify_result->has_md2 || verify_result->has_md4)

+ verify_result->cert_status |= CERT_STATUS_INVALID;

+

std::wstring wstr_hostname = ASCIIToWide(hostname);

SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para;

« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698