| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. | 7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. |
| 8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. | 8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. |
| 9 | 9 |
| 10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
| (...skipping 852 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 863 return MapSecurityError(GetLastError()); | 863 return MapSecurityError(GetLastError()); |
| 864 } | 864 } |
| 865 } | 865 } |
| 866 | 866 |
| 867 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); | 867 ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); |
| 868 | 868 |
| 869 GetCertChainInfo(chain_context, verify_result); | 869 GetCertChainInfo(chain_context, verify_result); |
| 870 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( | 870 verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
| 871 chain_context->TrustStatus.dwErrorStatus); | 871 chain_context->TrustStatus.dwErrorStatus); |
| 872 | 872 |
| 873 // Treat certificates signed using broken signature algorithms as invalid. | |
| 874 if (verify_result->has_md4) | |
| 875 verify_result->cert_status |= CERT_STATUS_INVALID; | |
| 876 | |
| 877 // Flag certificates signed using weak signature algorithms. | |
| 878 if (verify_result->has_md2) | |
| 879 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; | |
| 880 | |
| 881 // Flag certificates that have a Subject common name with a NULL character. | 873 // Flag certificates that have a Subject common name with a NULL character. |
| 882 if (CertSubjectCommonNameHasNull(cert_handle_)) | 874 if (CertSubjectCommonNameHasNull(cert_handle_)) |
| 883 verify_result->cert_status |= CERT_STATUS_INVALID; | 875 verify_result->cert_status |= CERT_STATUS_INVALID; |
| 884 | 876 |
| 885 std::wstring wstr_hostname = ASCIIToWide(hostname); | 877 std::wstring wstr_hostname = ASCIIToWide(hostname); |
| 886 | 878 |
| 887 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; | 879 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |
| 888 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); | 880 memset(&extra_policy_para, 0, sizeof(extra_policy_para)); |
| 889 extra_policy_para.cbSize = sizeof(extra_policy_para); | 881 extra_policy_para.cbSize = sizeof(extra_policy_para); |
| 890 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; | 882 extra_policy_para.dwAuthType = AUTHTYPE_SERVER; |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1147 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], | 1139 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], |
| 1148 &length)) { | 1140 &length)) { |
| 1149 return false; | 1141 return false; |
| 1150 } | 1142 } |
| 1151 | 1143 |
| 1152 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), | 1144 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), |
| 1153 length); | 1145 length); |
| 1154 } | 1146 } |
| 1155 | 1147 |
| 1156 } // namespace net | 1148 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8374020:
Make it a fatal SSL error when encountering certs signed with md[2,4], and interstitial md5 (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src