Index: net/base/x509_certificate.cc |
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc |
index efb19eeb718168d8e82a215e65bf925f75eb9364..477c79e15d7689af464650c3ba092380cbd755f6 100644 |
--- a/net/base/x509_certificate.cc |
+++ b/net/base/x509_certificate.cc |
@@ -597,6 +597,25 @@ int X509Certificate::Verify(const std::string& hostname, |
rv = MapCertStatusToNetError(verify_result->cert_status); |
} |
+ // Treat certificates signed using broken signature algorithms as invalid. |
+ if (verify_result->has_md2 || verify_result->has_md4) { |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
+ rv = MapCertStatusToNetError(verify_result->cert_status); |
+ } |
+ |
+ // Flag certificates using weak signature algorithms. |
+ if (verify_result->has_md5) { |
+ bool has_cert_status_error = |
wtc
2011/12/02 23:04:59
Nit: has_cert_status_error => cert_status_has_erro
|
+ IsCertStatusError(verify_result->cert_status); |
+ verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
+ // Only replace the error code if verification was successful or if the |
+ // error has also been reported in |cert_status|. This is to avoid the |
+ // possibility of replacing a more fatal error (such as an OS/library |
wtc
2011/12/02 23:04:59
Nit: remove "the possibility of".
|
+ // failure), which may not be reported in |cert_status|. |
+ if (rv == OK || (IsCertificateError(rv) && has_cert_status_error)) |
Ryan Sleevi
2011/11/20 00:17:00
I believe the following check should be a sufficie
wtc
2011/12/02 23:04:59
I'm still not convinced that we should check
has_c
Ryan Sleevi
2011/12/02 23:54:28
Then it's a bug - MapSecurityError() can return a
wtc
2011/12/06 00:56:17
It is true that MapSecurityError in x509_certifica
|
+ rv = MapCertStatusToNetError(verify_result->cert_status); |
+ } |
+ |
return rv; |
} |
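Review bot: The MD2/MD4 branch reassigns `rv` unconditionally, while the MD5 branch below it only replaces `rv` when verification succeeded or the existing error is a certificate error. If `rv` already holds a non-certificate failure (the OS/library failure the MD5 comment describes), the first branch would report it as a certificate error and hide the real cause. I would still set `CERT_STATUS_INVALID` unconditionally but guard the reassignment, e.g. `if (rv == OK || IsCertificateError(rv)) rv = MapCertStatusToNetError(verify_result->cert_status);`, so the result stays an error in every case. It would also help to add a comment on the first branch saying whether `has_md2`/`has_md4` cover every certificate in the chain, including the trust anchor, since that decides how many chains this rejects. The body of `X509Certificate::Verify` starts outside the hunk, so how `rv` is set before this point is inferred from the two context lines only.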