
Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 8374020: Make it a fatal SSL error when encountering certs signed with md[2,4], and interstitial md5 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 2 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 157 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
158 return CERT_STATUS_AUTHORITY_INVALID; 158 return CERT_STATUS_AUTHORITY_INVALID;
159 #if 0 159 #if 0
160 // TODO(bulach): what should we map to these status? 160 // TODO(bulach): what should we map to these status?
161 return CERT_STATUS_NO_REVOCATION_MECHANISM; 161 return CERT_STATUS_NO_REVOCATION_MECHANISM;
162 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 162 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
163 return CERT_STATUS_NOT_IN_DNS; 163 return CERT_STATUS_NOT_IN_DNS;
164 #endif 164 #endif
165 case X509_V_ERR_CERT_REVOKED: 165 case X509_V_ERR_CERT_REVOKED:
166 return CERT_STATUS_REVOKED; 166 return CERT_STATUS_REVOKED;
167 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
168 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
169 // All these status are mapped to CERT_STATUS_INVALID. 167 // All these status are mapped to CERT_STATUS_INVALID.
170 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 168 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
171 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 169 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
172 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 170 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
173 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 171 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
174 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 172 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
175 case X509_V_ERR_OUT_OF_MEM: 173 case X509_V_ERR_OUT_OF_MEM:
176 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 174 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
177 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 175 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
178 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 176 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
179 case X509_V_ERR_INVALID_PURPOSE: 177 case X509_V_ERR_INVALID_PURPOSE:
180 case X509_V_ERR_CERT_UNTRUSTED: 178 case X509_V_ERR_CERT_UNTRUSTED:
181 case X509_V_ERR_CERT_REJECTED: 179 case X509_V_ERR_CERT_REJECTED:
182 case X509_V_ERR_AKID_SKID_MISMATCH: 180 case X509_V_ERR_AKID_SKID_MISMATCH:
183 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: 181 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
184 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: 182 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
183 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
wtc 2011/10/24 22:36:42 The change in this file is correct, regardless of
185 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: 184 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
186 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: 185 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
187 case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: 186 case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
188 case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: 187 case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
189 case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: 188 case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
190 case X509_V_ERR_INVALID_EXTENSION: 189 case X509_V_ERR_INVALID_EXTENSION:
191 case X509_V_ERR_INVALID_POLICY_EXTENSION: 190 case X509_V_ERR_INVALID_POLICY_EXTENSION:
192 case X509_V_ERR_NO_EXPLICIT_POLICY: 191 case X509_V_ERR_NO_EXPLICIT_POLICY:
193 case X509_V_ERR_UNNESTED_RESOURCE: 192 case X509_V_ERR_UNNESTED_RESOURCE:
194 case X509_V_ERR_APPLICATION_VERIFICATION: 193 case X509_V_ERR_APPLICATION_VERIFICATION:
(...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 DERCache der_cache; 552 DERCache der_cache;
554 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 553 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
555 return false; 554 return false;
556 555
557 return pickle->WriteData( 556 return pickle->WriteData(
558 reinterpret_cast<const char*>(der_cache.data), 557 reinterpret_cast<const char*>(der_cache.data),
559 der_cache.data_length); 558 der_cache.data_length);
560 } 559 }
561 560
562 } // namespace net 561 } // namespace net
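Review bot: With `X509_V_ERR_KEYUSAGE_NO_CERTSIGN` moved into the CERT_STATUS_INVALID group (new line 183), no case in the visible part of this switch returns `CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` any more. On the OpenSSL build, the MD2/MD4/MD5 handling named in the issue title therefore has to come from somewhere other than this error mapping. The switch and its enclosing function start and end in the skipped lines, so this may already be covered there. If it is not, a comment next to the mapping such as `// TODO: flag MD2/MD4/MD5 signatures in the chain as CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` would keep the gap visible. The moved case would also benefit from a short why-comment, e.g. `// Issuer lacks keyCertSign: a key-usage failure, not a weak digest.`, so it is not re-mapped later.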