Index: net/base/x509_certificate_win.cc |
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc |
index 5c53a15bb55e39144d80d3fff9a6995a1a3074fa..e31504fa8c6e9b94ebc8e42802bcd610f393a957 100644 |
--- a/net/base/x509_certificate_win.cc |
+++ b/net/base/x509_certificate_win.cc |
@@ -799,14 +799,6 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
chain_context->TrustStatus.dwErrorStatus); |
- // Treat certificates signed using broken signature algorithms as invalid. |
- if (verify_result->has_md4) |
- verify_result->cert_status |= CERT_STATUS_INVALID; |
- |
- // Flag certificates signed using weak signature algorithms. |
- if (verify_result->has_md2) |
- verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
wtc
2011/10/24 22:36:42
Why don't we preserve the use of CERT_STATUS_INVAL
Ryan Sleevi
2011/10/24 23:16:32
How about a new error code? Is there any measurabl
|
- |
// Flag certificates that have a Subject common name with a NULL character. |
if (CertSubjectCommonNameHasNull(cert_handle_)) |
verify_result->cert_status |= CERT_STATUS_INVALID; |