OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/string_tokenizer.h" | 9 #include "base/string_tokenizer.h" |
10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
(...skipping 455 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
466 &chain_context)) { | 466 &chain_context)) { |
467 return MapSecurityError(GetLastError()); | 467 return MapSecurityError(GetLastError()); |
468 } | 468 } |
469 ScopedCertChainContext scoped_chain_context(chain_context); | 469 ScopedCertChainContext scoped_chain_context(chain_context); |
470 | 470 |
471 GetCertChainInfo(chain_context, verify_result); | 471 GetCertChainInfo(chain_context, verify_result); |
472 | 472 |
473 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | 473 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
474 chain_context->TrustStatus.dwErrorStatus); | 474 chain_context->TrustStatus.dwErrorStatus); |
475 | 475 |
| 476 // Treat certificate signatures using weak signature algorithms as invalid. |
| 477 if (verify_result->has_md2 || verify_result->has_md4) |
| 478 verify_result->cert_status |= CERT_STATUS_INVALID; |
| 479 |
476 std::wstring wstr_hostname = ASCIIToWide(hostname); | 480 std::wstring wstr_hostname = ASCIIToWide(hostname); |
477 | 481 |
478 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | 482 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |
479 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | 483 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); |
480 extra_policy_para.cbSize = sizeof(extra_policy_para); | 484 extra_policy_para.cbSize = sizeof(extra_policy_para); |
481 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | 485 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; |
482 extra_policy_para.fdwChecks = 0; | 486 extra_policy_para.fdwChecks = 0; |
483 extra_policy_para.pwszServerName = | 487 extra_policy_para.pwszServerName = |
484 const_cast<wchar_t*>(wstr_hostname.c_str()); | 488 const_cast<wchar_t*>(wstr_hostname.c_str()); |
485 | 489 |
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
647 DWORD sha1_size = sizeof(sha1.data); | 651 DWORD sha1_size = sizeof(sha1.data); |
648 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 652 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
649 cert->cbCertEncoded, sha1.data, &sha1_size); | 653 cert->cbCertEncoded, sha1.data, &sha1_size); |
650 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 654 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
651 if (!rv) | 655 if (!rv) |
652 memset(sha1.data, 0, sizeof(sha1.data)); | 656 memset(sha1.data, 0, sizeof(sha1.data)); |
653 return sha1; | 657 return sha1; |
654 } | 658 } |
655 | 659 |
656 } // namespace net | 660 } // namespace net |
OLD | NEW |