| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/crypto/scoped_capi_types.h" | 7 #include "base/crypto/scoped_capi_types.h" |
| 8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
| (...skipping 75 matching lines...) | |
| 86 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | 86 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; |
| 87 return ERR_FAILED; | 87 return ERR_FAILED; |
| 88 } | 88 } |
| 89 } | 89 } |
| 90 | 90 |
| 91 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by | 91 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by |
| 92 // CertGetCertificateChain to our certificate status flags. | 92 // CertGetCertificateChain to our certificate status flags. |
| 93 int MapCertChainErrorStatusToCertStatus(DWORD error_status) { | 93 int MapCertChainErrorStatusToCertStatus(DWORD error_status) { |
| 94 int cert_status = 0; | 94 int cert_status = 0; |
| 95 | 95 |
| 96 // CERT_TRUST_IS_NOT_TIME_NESTED means a subject certificate's time validity | 96 // CERT_TRUST_IS_NOT_TIME_NESTED is obsolete, but we don't consider it an |
|
agl
2011/01/21 16:47:47
This would make me look for it in the code. Maybe
| |
| 97 // does not nest correctly within its issuer's time validity. | 97 // error anyway. |
| 98 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID | | 98 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID | |
| 99 CERT_TRUST_IS_NOT_TIME_NESTED | | |
| 100 CERT_TRUST_CTL_IS_NOT_TIME_VALID; | 99 CERT_TRUST_CTL_IS_NOT_TIME_VALID; |
| 101 if (error_status & kDateInvalidErrors) | 100 if (error_status & kDateInvalidErrors) |
| 102 cert_status |= CERT_STATUS_DATE_INVALID; | 101 cert_status |= CERT_STATUS_DATE_INVALID; |
| 103 | 102 |
| 104 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT | | 103 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT | |
| 105 CERT_TRUST_IS_EXPLICIT_DISTRUST | | 104 CERT_TRUST_IS_EXPLICIT_DISTRUST | |
| 106 CERT_TRUST_IS_PARTIAL_CHAIN; | 105 CERT_TRUST_IS_PARTIAL_CHAIN; |
| 107 if (error_status & kAuthorityInvalidErrors) | 106 if (error_status & kAuthorityInvalidErrors) |
| 108 cert_status |= CERT_STATUS_AUTHORITY_INVALID; | 107 cert_status |= CERT_STATUS_AUTHORITY_INVALID; |
| 109 | 108 |
| (...skipping 777 matching lines...) | |
| 887 DWORD sha1_size = sizeof(sha1.data); | 886 DWORD sha1_size = sizeof(sha1.data); |
| 888 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 887 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
| 889 cert->cbCertEncoded, sha1.data, &sha1_size); | 888 cert->cbCertEncoded, sha1.data, &sha1_size); |
| 890 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 889 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
| 891 if (!rv) | 890 if (!rv) |
| 892 memset(sha1.data, 0, sizeof(sha1.data)); | 891 memset(sha1.data, 0, sizeof(sha1.data)); |
| 893 return sha1; | 892 return sha1; |
| 894 } | 893 } |
| 895 | 894 |
| 896 } // namespace net | 895 } // namespace net |
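Review bot: Dropping `CERT_TRUST_IS_NOT_TIME_NESTED` from `kDateInvalidErrors` relaxes certificate validation, and nothing in the visible change pins the new behaviour with a test. With the mask as now written, an `error_status` carrying only that bit no longer sets `CERT_STATUS_DATE_INVALID`. Whether a later mapping still reports it cannot be told from here, because the rest of `MapCertChainErrorStatusToCertStatus` lies in the skipped lines. If the function is reachable from a test, a check such as `EXPECT_EQ(0, MapCertChainErrorStatusToCertStatus(CERT_TRUST_IS_NOT_TIME_NESTED) & CERT_STATUS_DATE_INVALID);` would keep the relaxation deliberate. Companion checks that `CERT_TRUST_IS_NOT_TIME_VALID` and `CERT_TRUST_CTL_IS_NOT_TIME_VALID` still set the flag would guard against the remaining date bits being dropped by accident.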