OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
6 | 6 |
7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. | 7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. |
8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. | 8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. |
9 | 9 |
10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
863 return MapSecurityError(GetLastError()); | 863 return MapSecurityError(GetLastError()); |
864 } | 864 } |
865 } | 865 } |
866 | 866 |
867 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); | 867 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); |
868 | 868 |
869 GetCertChainInfo(chain_context, verify_result); | 869 GetCertChainInfo(chain_context, verify_result); |
870 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | 870 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
871 chain_context->TrustStatus.dwErrorStatus); | 871 chain_context->TrustStatus.dwErrorStatus); |
872 | 872 |
873 // Treat certificates signed using broken signature algorithms as invalid. | |
874 if (verify_result->has_md4) | |
875 verify_result->cert_status |= CERT_STATUS_INVALID; | |
876 | |
877 // Flag certificates signed using weak signature algorithms. | |
878 if (verify_result->has_md2) | |
879 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; | |
880 | |
881 // Flag certificates that have a Subject common name with a NULL character. | 873 // Flag certificates that have a Subject common name with a NULL character. |
882 if (CertSubjectCommonNameHasNull(cert_handle_)) | 874 if (CertSubjectCommonNameHasNull(cert_handle_)) |
883 verify_result->cert_status |= CERT_STATUS_INVALID; | 875 verify_result->cert_status |= CERT_STATUS_INVALID; |
884 | 876 |
885 std::wstring wstr_hostname = ASCIIToWide(hostname); | 877 std::wstring wstr_hostname = ASCIIToWide(hostname); |
886 | 878 |
887 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | 879 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |
888 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | 880 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); |
889 extra_policy_para.cbSize = sizeof(extra_policy_para); | 881 extra_policy_para.cbSize = sizeof(extra_policy_para); |
890 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | 882 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; |
1147 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], | 1139 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], |
1148 &length)) { | 1140 &length)) { |
1149 return false; | 1141 return false; |
1150 } | 1142 } |
1151 | 1143 |
1152 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), | 1144 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), |
1153 length); | 1145 length); |
1154 } | 1146 } |
1155 | 1147 |
1156 } // namespace net | 1148 } // namespace net |
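Review bot: With the `has_md4` and `has_md2` checks removed after the `MapCertChainErrorStatusToCertStatus` call (old lines 873-879), nothing visible in this function turns a broken or weak signature algorithm into `CERT_STATUS_INVALID` or `CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` any more. Only this one file is shown here, so presumably the policy now lives in a caller shared by all platforms; if so, leave a pointer at the removal site, for example `// MD2/MD4 signature policy is applied to verify_result by the caller, not here.`, so the absence is not later mistaken for an oversight. A regression test that verifies an MD4-signed and an MD2-signed chain on Windows and expects the same status bits as before would confirm the move did not drop the check on this platform. The enclosing function starts and ends outside the lines shown, so its remaining status handling was not reviewed.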
OLD | NEW |