
Side by Side Diff: net/cert/x509_certificate_win.cc

Issue 1988993002: Check self-signed certificate names and signatures (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: More Windows bugfixes Created 4 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_certificate.h" 5 #include "net/cert/x509_certificate.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include <openssl/sha.h> 9 #include <openssl/sha.h>
10 10
(...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after
457 valid_issuers)) { 457 valid_issuers)) {
458 return true; 458 return true;
459 } 459 }
460 } 460 }
461 461
462 return false; 462 return false;
463 } 463 }
464 464
465 // static 465 // static
466 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { 466 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
467 return !!CryptVerifyCertificateSignatureEx( 467 bool valid_signature = !!CryptVerifyCertificateSignatureEx(
468 NULL, 468 NULL, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
469 X509_ASN_ENCODING,
470 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
471 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 469 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
472 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, 470 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
473 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 471 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL);
474 0, 472 if (!valid_signature) {
475 NULL); 473 return false;
474 }
475 DWORD subject_size =
svaldez 2016/05/20 17:54:52 Don't know whether its worth it, though it might b
dadrian 2016/05/20 19:01:21 The CertPrincipal::Matches() function is explicitl
476 CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,
477 CERT_X500_NAME_STR, NULL, 0);
478 DWORD issuer_size =
479 CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,
480 CERT_X500_NAME_STR, NULL, 0);
481 if (subject_size < 1 || issuer_size < 1) {
482 return false;
483 }
484 std::unique_ptr<WCHAR[]> subject(new WCHAR[subject_size]);
485 std::unique_ptr<WCHAR[]> issuer(new WCHAR[issuer_size]);
486 DWORD subject_written =
487 CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,
488 CERT_X500_NAME_STR, subject.get(), subject_size);
489 DWORD issuer_written =
490 CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,
491 CERT_X500_NAME_STR, issuer.get(), issuer_size);
492 if (subject_written != issuer_written) {
493 return false;
494 }
495 return memcmp(subject.get(), issuer.get(), subject_written * sizeof(WCHAR)) ==
496 0;
476 } 497 }
477 498
478 } // namespace net 499 } // namespace net
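Review bot: The name check on new lines 475-496 of IsSelfSigned compares Subject and Issuer only after rendering each through CertNameToStr with CERT_X500_NAME_STR, and the rendered string is not a faithful stand-in for the encoded name. Two names whose DER differs, for example only in the string type of an attribute, can render to the same text, so a certificate could be reported as self-signed although its Subject and Issuer blobs are not identical. Comparing the encoded blobs directly closes that gap and drops both heap allocations and all four conversion calls: `return !!CertCompareCertificateName(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject, &cert_handle->pCertInfo->Issuer);`. Whichever form is kept, a one-line comment above the function should state that it returns true only when the signature verifies under the certificate's own key and the issuer name matches the subject name, since callers may rely on that when deciding how to treat the certificate.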