OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
(...skipping 585 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
596 | 596 |
597 int rv = VerifyInternal(hostname, flags, verify_result); | 597 int rv = VerifyInternal(hostname, flags, verify_result); |
598 | 598 |
599 // This check is done after VerifyInternal so that VerifyInternal can fill in | 599 // This check is done after VerifyInternal so that VerifyInternal can fill in |
600 // the list of public key hashes. | 600 // the list of public key hashes. |
601 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 601 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
602 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; | 602 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; |
603 rv = MapCertStatusToNetError(verify_result->cert_status); | 603 rv = MapCertStatusToNetError(verify_result->cert_status); |
604 } | 604 } |
605 | 605 |
606 if (verify_result->has_md2 || verify_result->has_md4 || | |
607 verify_result->has_md5) { | |
palmer
2011/10/24 18:22:31
wtc does not want to ban MD5 yet. To ban MD5, and
wtc
2011/10/24 22:41:14
The signatures in the self-signed certificates of
Ryan Sleevi
2011/10/24 23:16:32
The logic currently includes roots (both has_mdX a
| |
608 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; | |
609 rv = MapCertStatusToNetError(verify_result->cert_status); | |
610 } | |
611 | |
606 return rv; | 612 return rv; |
607 } | 613 } |
608 | 614 |
609 #if !defined(USE_NSS) | 615 #if !defined(USE_NSS) |
610 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { | 616 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const { |
611 std::vector<std::string> dns_names, ip_addrs; | 617 std::vector<std::string> dns_names, ip_addrs; |
612 GetSubjectAltName(&dns_names, &ip_addrs); | 618 GetSubjectAltName(&dns_names, &ip_addrs); |
613 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs); | 619 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs); |
614 } | 620 } |
615 #endif | 621 #endif |
(...skipping 386 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1002 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 1008 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
1003 const uint8* array, | 1009 const uint8* array, |
1004 size_t array_byte_len) { | 1010 size_t array_byte_len) { |
1005 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); | 1011 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); |
1006 const size_t arraylen = array_byte_len / base::kSHA1Length; | 1012 const size_t arraylen = array_byte_len / base::kSHA1Length; |
1007 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, | 1013 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, |
1008 CompareSHA1Hashes); | 1014 CompareSHA1Hashes); |
1009 } | 1015 } |
1010 | 1016 |
1011 } // namespace net | 1017 } // namespace net |
OLD | NEW |