OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
10 #include "base/sha1.h" | 10 #include "base/sha1.h" |
(...skipping 781 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
792 &chain_context)) { | 792 &chain_context)) { |
793 return MapSecurityError(GetLastError()); | 793 return MapSecurityError(GetLastError()); |
794 } | 794 } |
795 } | 795 } |
796 ScopedCertChainContext scoped_chain_context(chain_context); | 796 ScopedCertChainContext scoped_chain_context(chain_context); |
797 | 797 |
798 GetCertChainInfo(chain_context, verify_result); | 798 GetCertChainInfo(chain_context, verify_result); |
799 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | 799 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
800 chain_context->TrustStatus.dwErrorStatus); | 800 chain_context->TrustStatus.dwErrorStatus); |
801 | 801 |
802 // Treat certificates signed using broken signature algorithms as invalid. | |
803 if (verify_result->has_md4) | |
804 verify_result->cert_status |= CERT_STATUS_INVALID; | |
805 | |
806 // Flag certificates signed using weak signature algorithms. | |
807 if (verify_result->has_md2) | |
808 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; | |
wtc
2011/10/24 22:36:42
Why don't we preserve the use of CERT_STATUS_INVAL
Ryan Sleevi
2011/10/24 23:16:32
How about a new error code? Is there any measurabl
| |
809 | |
810 // Flag certificates that have a Subject common name with a NULL character. | 802 // Flag certificates that have a Subject common name with a NULL character. |
811 if (CertSubjectCommonNameHasNull(cert_handle_)) | 803 if (CertSubjectCommonNameHasNull(cert_handle_)) |
812 verify_result->cert_status |= CERT_STATUS_INVALID; | 804 verify_result->cert_status |= CERT_STATUS_INVALID; |
813 | 805 |
814 std::wstring wstr_hostname = ASCIIToWide(hostname); | 806 std::wstring wstr_hostname = ASCIIToWide(hostname); |
815 | 807 |
816 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | 808 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |
817 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | 809 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); |
818 extra_policy_para.cbSize = sizeof(extra_policy_para); | 810 extra_policy_para.cbSize = sizeof(extra_policy_para); |
819 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | 811 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; |
(...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1051 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], | 1043 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], |
1052 &length)) { | 1044 &length)) { |
1053 return false; | 1045 return false; |
1054 } | 1046 } |
1055 | 1047 |
1056 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), | 1048 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), |
1057 length); | 1049 length); |
1058 } | 1050 } |
1059 | 1051 |
1060 } // namespace net | 1052 } // namespace net |
OLD | NEW |