Chromium Code Reviews Chromium Code Reviews
Issue 1988993002:
Check self-signed certificate names and signatures (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/x509_certificate_nss.cc |
| diff --git a/net/cert/x509_certificate_nss.cc b/net/cert/x509_certificate_nss.cc |
| index 4e6380648a30d469ae94147f8e705f4931ee187d..d5c658d212c811710d2c65c88e5c92b98aadf913 100644 |
| --- a/net/cert/x509_certificate_nss.cc |
| +++ b/net/cert/x509_certificate_nss.cc |
| @@ -285,6 +285,11 @@ bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { |
| crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle)); |
| if (!public_key.get()) |
| return false; |
| + SECComparison c = |
|
svaldez
2016/05/20 17:54:52
Do name check after key check to match other imple
dadrian
2016/05/20 19:01:21
Done.
|
| + CERT_CompareName(&cert_handle->subject, &cert_handle->issuer); |
| + if (c != SECComparison::SECEqual) { |
| + return false; |
| + } |
| return SECSuccess == CERT_VerifySignedDataWithPublicKey( |
| &cert_handle->signatureWrap, public_key.get(), NULL); |
| } |
