Index: net/base/x509_certificate_win.cc |
=================================================================== |
--- net/base/x509_certificate_win.cc (revision 23393) |
+++ net/base/x509_certificate_win.cc (working copy) |
@@ -471,10 +471,14 @@ |
verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
chain_context->TrustStatus.dwErrorStatus); |
- // Treat certificate signatures using weak signature algorithms as invalid. |
- if (verify_result->has_md2 || verify_result->has_md4) |
+ // Treat certificates signed using broken signature algorithms as invalid. |
+ if (verify_result->has_md4) |
verify_result->cert_status |= CERT_STATUS_INVALID; |
+ // Flag certificates signed using weak signature algorithms. |
+ if (verify_result->has_md2) |
+ verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
+ |
std::wstring wstr_hostname = ASCIIToWide(hostname); |
SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |