Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/ssl_client_socket_win.cc

Issue 17471: Measure how often the users are encountering MD5... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/ssl_client_socket_win.h ('k') | net/build/net.vcproj » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/ssl_client_socket_win.cc
===================================================================
--- net/base/ssl_client_socket_win.cc (revision 7755)
+++ net/base/ssl_client_socket_win.cc (working copy)
@@ -9,6 +9,7 @@
#include "base/lock.h"
#include "base/singleton.h"
#include "base/string_util.h"
+#include "net/base/connection_type_histograms.h"
#include "net/base/net_errors.h"
#include "net/base/scoped_cert_chain_context.h"
#include "net/base/ssl_info.h"
@@ -1021,6 +1022,44 @@
return VerifyServerCert();
}
+// static
+void SSLClientSocketWin::LogConnectionTypeMetrics(
+ PCCERT_CHAIN_CONTEXT chain_context) {
+ UpdateConnectionTypeHistograms(CONNECTION_SSL);
+
+ PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
+ int num_elements = first_chain->cElement;
+ PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
+ bool has_md5 = false;
+ bool has_md2 = false;
+ bool has_md4 = false;
+
+ // Each chain starts with the end entity certificate and ends with the root
+ // CA certificate. Do not inspect the signature algorithm of the root CA
+ // certificate because the signature on the trust anchor is not important.
+ for (int i = 0; i < num_elements - 1; ++i) {
+ PCCERT_CONTEXT cert = element[i]->pCertContext;
+ const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId;
+ if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) {
+ // md5WithRSAEncryption: 1.2.840.113549.1.1.4
+ has_md5 = true;
+ } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) {
+ // md2WithRSAEncryption: 1.2.840.113549.1.1.2
+ has_md2 = true;
+ } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) {
+ // md4WithRSAEncryption: 1.2.840.113549.1.1.3
+ has_md4 = true;
+ }
+ }
+
+ if (has_md5)
+ UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
+ if (has_md2)
+ UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
+ if (has_md4)
+ UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
+}
+
// Set server_cert_status_ and return OK or a network error.
int SSLClientSocketWin::VerifyServerCert() {
DCHECK(server_cert_);
@@ -1058,6 +1097,8 @@
}
ScopedCertChainContext scoped_chain_context(chain_context);
+ LogConnectionTypeMetrics(chain_context);
+
server_cert_status_ |= MapCertChainErrorStatusToCertStatus(
chain_context->TrustStatus.dwErrorStatus);
« no previous file with comments | « net/base/ssl_client_socket_win.h ('k') | net/build/net.vcproj » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698