Chromium Code Reviews Chromium Code Reviews
Issue 8568040:
Refuse to accept certificate chains containing any RSA public key smaller (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file intentionally does not have header guards, it's included | 5 // This file intentionally does not have header guards, it's included |
| 6 // inside a macro to generate enum. | 6 // inside a macro to generate enum. |
| 7 | 7 |
| 8 // This file contains the list of network errors. | 8 // This file contains the list of network errors. |
| 9 | 9 |
| 10 // | 10 // |
| (...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 366 // signature algorithm. | 366 // signature algorithm. |
| 367 NET_ERROR(CERT_WEAK_SIGNATURE_ALGORITHM, -208) | 367 NET_ERROR(CERT_WEAK_SIGNATURE_ALGORITHM, -208) |
| 368 | 368 |
| 369 // The domain has CERT records which are tagged as being an exclusive list of | 369 // The domain has CERT records which are tagged as being an exclusive list of |
| 370 // valid fingerprints. But the certificate presented was not in this list. | 370 // valid fingerprints. But the certificate presented was not in this list. |
| 371 NET_ERROR(CERT_NOT_IN_DNS, -209) | 371 NET_ERROR(CERT_NOT_IN_DNS, -209) |
| 372 | 372 |
| 373 // The host name specified in the certificate is not unique. | 373 // The host name specified in the certificate is not unique. |
| 374 NET_ERROR(CERT_NON_UNIQUE_NAME, -210) | 374 NET_ERROR(CERT_NON_UNIQUE_NAME, -210) |
| 375 | 375 |
| 376 // The server responded with a certificate that contains a weak key (e.g. | |
|
wtc
2011/11/17 02:52:18
Nit: Shorten this to "The server's certificate con
| |
| 377 // a too-small RSA key). | |
| 378 NET_ERROR(CERT_WEAK_KEY, -211) | |
| 379 | |
| 376 // Add new certificate error codes here. | 380 // Add new certificate error codes here. |
| 377 // | 381 // |
| 378 // Update the value of CERT_END whenever you add a new certificate error | 382 // Update the value of CERT_END whenever you add a new certificate error |
| 379 // code. | 383 // code. |
| 380 | 384 |
| 381 // The value immediately past the last certificate error code. | 385 // The value immediately past the last certificate error code. |
| 382 NET_ERROR(CERT_END, -211) | 386 NET_ERROR(CERT_END, -212) |
| 383 | 387 |
| 384 // The URL is invalid. | 388 // The URL is invalid. |
| 385 NET_ERROR(INVALID_URL, -300) | 389 NET_ERROR(INVALID_URL, -300) |
| 386 | 390 |
| 387 // The scheme of the URL is disallowed. | 391 // The scheme of the URL is disallowed. |
| 388 NET_ERROR(DISALLOWED_URL_SCHEME, -301) | 392 NET_ERROR(DISALLOWED_URL_SCHEME, -301) |
| 389 | 393 |
| 390 // The scheme of the URL is unknown. | 394 // The scheme of the URL is unknown. |
| 391 NET_ERROR(UNKNOWN_URL_SCHEME, -302) | 395 NET_ERROR(UNKNOWN_URL_SCHEME, -302) |
| 392 | 396 |
| (...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 636 NET_ERROR(DNS_SERVER_FAILED, -802) | 640 NET_ERROR(DNS_SERVER_FAILED, -802) |
| 637 | 641 |
| 638 // DNS transaction timed out. | 642 // DNS transaction timed out. |
| 639 NET_ERROR(DNS_TIMED_OUT, -803) | 643 NET_ERROR(DNS_TIMED_OUT, -803) |
| 640 | 644 |
| 641 // The entry was not found in cache, for cache-only lookups. | 645 // The entry was not found in cache, for cache-only lookups. |
| 642 NET_ERROR(DNS_CACHE_MISS, -804) | 646 NET_ERROR(DNS_CACHE_MISS, -804) |
| 643 | 647 |
| 644 // FIXME: Take the next number. | 648 // FIXME: Take the next number. |
| 645 NET_ERROR(PIPELINE_EVICTION, -900) | 649 NET_ERROR(PIPELINE_EVICTION, -900) |
| OLD | NEW |
