| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "base/string_tokenizer.h" | 9 #include "base/string_tokenizer.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| (...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 &chain_context)) { | 464 &chain_context)) { |
| 465 return MapSecurityError(GetLastError()); | 465 return MapSecurityError(GetLastError()); |
| 466 } | 466 } |
| 467 ScopedCertChainContext scoped_chain_context(chain_context); | 467 ScopedCertChainContext scoped_chain_context(chain_context); |
| 468 | 468 |
| 469 GetCertChainInfo(chain_context, verify_result); | 469 GetCertChainInfo(chain_context, verify_result); |
| 470 | 470 |
| 471 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | 471 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
| 472 chain_context->TrustStatus.dwErrorStatus); | 472 chain_context->TrustStatus.dwErrorStatus); |
| 473 | 473 |
| 474 // Treat certificate signatures using weak signature algorithms as invalid. |
| 475 if (verify_result->has_md2 || verify_result->has_md4) |
| 476 verify_result->cert_status |= CERT_STATUS_INVALID; |
| 477 |
| 474 std::wstring wstr_hostname = ASCIIToWide(hostname); | 478 std::wstring wstr_hostname = ASCIIToWide(hostname); |
| 475 | 479 |
| 476 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | 480 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |
| 477 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | 481 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); |
| 478 extra_policy_para.cbSize = sizeof(extra_policy_para); | 482 extra_policy_para.cbSize = sizeof(extra_policy_para); |
| 479 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | 483 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; |
| 480 extra_policy_para.fdwChecks = 0; | 484 extra_policy_para.fdwChecks = 0; |
| 481 extra_policy_para.pwszServerName = | 485 extra_policy_para.pwszServerName = |
| 482 const_cast<wchar_t*>(wstr_hostname.c_str()); | 486 const_cast<wchar_t*>(wstr_hostname.c_str()); |
| 483 | 487 |
| (...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 643 DWORD sha1_size = sizeof(sha1.data); | 647 DWORD sha1_size = sizeof(sha1.data); |
| 644 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 648 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
| 645 cert->cbCertEncoded, sha1.data, &sha1_size); | 649 cert->cbCertEncoded, sha1.data, &sha1_size); |
| 646 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 650 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
| 647 if (!rv) | 651 if (!rv) |
| 648 memset(sha1.data, 0, sizeof(sha1.data)); | 652 memset(sha1.data, 0, sizeof(sha1.data)); |
| 649 return sha1; | 653 return sha1; |
| 650 } | 654 } |
| 651 | 655 |
| 652 } // namespace net | 656 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 165426:
Merge 22709 - Treat certificate signatures using weak signature algorithms... (Closed)
Base URL: svn://chrome-svn/chrome/branches/195/src/