net/base/x509_certificate_win.cc - Issue 8400075: Fix the "certificate is not yet valid" error for server certificates

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_win.cc

Issue 8400075: Fix the "certificate is not yet valid" error for server certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Fix Windows compilation errors. Created 9 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_win.cc

===================================================================

--- net/base/x509_certificate_win.cc (revision 107789)

+++ net/base/x509_certificate_win.cc (working copy)

@@ -4,6 +4,8 @@

#include "net/base/x509_certificate.h"

+#include <sechash.h> // Implement CalculateChainFingerprint() with NSS.

#include "base/lazy_instance.h"

#include "base/logging.h"

#include "base/pickle.h"

@@ -541,6 +543,7 @@

valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter);

fingerprint_ = CalculateFingerprint(cert_handle_);

+ chain_fingerprint_ = CalculateChainFingerprint();

const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;

scoped_array<uint8> serial_bytes(new uint8[serial->cbData]);

@@ -1018,6 +1021,27 @@

return sha1;

}

+SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {

+ SHA1Fingerprint sha1;

Ryan Sleevi 2011/10/29 02:53:15 Perhaps document here (or on line 7), why NSS was

wtc 2011/10/29 05:08:34 Done. In Patch Set 5 I also switched to the NSS l

+ memset(sha1.data, 0, sizeof(sha1.data));

+ HASHContext* sha1_ctx = HASH_Create(HASH_AlgSHA1);

+ if (!sha1_ctx)

+ return sha1;

+ HASH_Begin(sha1_ctx);

+ HASH_Update(sha1_ctx, cert_handle_->pbCertEncoded,

+ cert_handle_->cbCertEncoded);

+ for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {

+ PCCERT_CONTEXT ca_cert = intermediate_ca_certs_[i];

+ HASH_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded);

+ }

+ unsigned int result_len;

+ HASH_End(sha1_ctx, sha1.data, &result_len, HASH_ResultLenContext(sha1_ctx));

+ HASH_Destroy(sha1_ctx);

+ return sha1;

// static

X509Certificate::OSCertHandle

X509Certificate::ReadOSCertHandleFromPickle(const Pickle& pickle,

« no previous file with comments | « net/base/x509_certificate_unittest.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »