Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(223)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_win.cc

Issue 6331009: Remove the check for the obsolete CERT_TRUST_IS_NOT_TIME_NESTED... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Improve comment as agl suggested Created 9 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include "base/crypto/rsa_private_key.h" 7 #include "base/crypto/rsa_private_key.h"
8 #include "base/crypto/scoped_capi_types.h" 8 #include "base/crypto/scoped_capi_types.h"
9 #include "base/lazy_instance.h" 9 #include "base/lazy_instance.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; 87 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
88 return ERR_FAILED; 88 return ERR_FAILED;
89 } 89 }
90 } 90 }
91 91
92 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by 92 // Map the errors in the chain_context->TrustStatus.dwErrorStatus returned by
93 // CertGetCertificateChain to our certificate status flags. 93 // CertGetCertificateChain to our certificate status flags.
94 int MapCertChainErrorStatusToCertStatus(DWORD error_status) { 94 int MapCertChainErrorStatusToCertStatus(DWORD error_status) {
95 int cert_status = 0; 95 int cert_status = 0;
96 96
97 // CERT_TRUST_IS_NOT_TIME_NESTED means a subject certificate's time validity 97 // We don't include CERT_TRUST_IS_NOT_TIME_NESTED because it's obsolete and
98 // does not nest correctly within its issuer's time validity. 98 // we wouldn't consider it an error anyway
99 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID | 99 const DWORD kDateInvalidErrors = CERT_TRUST_IS_NOT_TIME_VALID |
100 CERT_TRUST_IS_NOT_TIME_NESTED |
101 CERT_TRUST_CTL_IS_NOT_TIME_VALID; 100 CERT_TRUST_CTL_IS_NOT_TIME_VALID;
102 if (error_status & kDateInvalidErrors) 101 if (error_status & kDateInvalidErrors)
103 cert_status |= CERT_STATUS_DATE_INVALID; 102 cert_status |= CERT_STATUS_DATE_INVALID;
104 103
105 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT | 104 const DWORD kAuthorityInvalidErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
106 CERT_TRUST_IS_EXPLICIT_DISTRUST | 105 CERT_TRUST_IS_EXPLICIT_DISTRUST |
107 CERT_TRUST_IS_PARTIAL_CHAIN; 106 CERT_TRUST_IS_PARTIAL_CHAIN;
108 if (error_status & kAuthorityInvalidErrors) 107 if (error_status & kAuthorityInvalidErrors)
109 cert_status |= CERT_STATUS_AUTHORITY_INVALID; 108 cert_status |= CERT_STATUS_AUTHORITY_INVALID;
110 109
(...skipping 850 matching lines...) Expand 10 before | Expand all | Expand 10 after
961 DWORD sha1_size = sizeof(sha1.data); 960 DWORD sha1_size = sizeof(sha1.data);
962 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, 961 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
963 cert->cbCertEncoded, sha1.data, &sha1_size); 962 cert->cbCertEncoded, sha1.data, &sha1_size);
964 DCHECK(rv && sha1_size == sizeof(sha1.data)); 963 DCHECK(rv && sha1_size == sizeof(sha1.data));
965 if (!rv) 964 if (!rv)
966 memset(sha1.data, 0, sizeof(sha1.data)); 965 memset(sha1.data, 0, sizeof(sha1.data));
967 return sha1; 966 return sha1;
968 } 967 }
969 968
970 } // namespace net 969 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698