|
Remove the fingerprint and ca_fingerprint from X509Certificate
X509Certificate provided a function to get the SHA-1 hash of
the certificate data and the SHA-1 hash of the intermediates.
This was largely for sorting optimizations, but was never
intended to be a substitute for true equality checks (namely,
IsSameOSCert()). However, because X509Certificate::LessThan
used these, the comparison of two X509Certificates was less
secure than desired.
This removes the fingerprint members and the ability to
publicly compute the SHA-1 hash of the certificate/intermediates.
Callers can instead compute the SHA-256 fingerprint using
X509Certificate::Calculate[CA]Fingerprint256 to obtain the
equivalent SHA256HashValue fingerprint.
This also optimizes CalculateCAFingerprint256 to avoid
additional copies, by moving it to the platform-native
implementation.
BUG= 613460
Committed: https://crrev.com/de70f5cff2a6e16cda89b15fadd75cba11694fc3
Cr-Commit-Position: refs/heads/master@{#400904}
Total comments: 17
Total comments: 14
Total comments: 1
Total comments: 6
Total comments: 5
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+427 lines, -571 lines) |
Patch |
|
M |
blimp/net/exact_match_cert_verifier.cc
|
View
|
|
1 chunk |
+0 lines, -5 lines |
0 comments
|
Download
|
|
M |
chrome/browser/safe_browsing/download_protection_service.cc
|
View
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
2 chunks |
+5 lines, -2 lines |
0 comments
|
Download
|
|
M |
chrome/browser/safe_browsing/download_protection_service_unittest.cc
|
View
|
1
2
3
4
5
6
7
|
2 chunks |
+7 lines, -3 lines |
0 comments
|
Download
|
|
M |
chrome/browser/ssl/ssl_browser_tests.cc
|
View
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
1 chunk |
+2 lines, -2 lines |
0 comments
|
Download
|
|
M |
chromeos/network/onc/onc_certificate_importer_impl_unittest.cc
|
View
|
1
2
|
2 chunks |
+10 lines, -2 lines |
0 comments
|
Download
|
|
M |
content/browser/cert_store_impl.h
|
View
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
2 chunks |
+26 lines, -1 line |
0 comments
|
Download
|
|
M |
content/browser/cert_store_impl.cc
|
View
|
1
2
3
4
5
|
1 chunk |
+26 lines, -6 lines |
0 comments
|
Download
|
|
M |
ios/web/navigation/crw_session_certificate_policy_manager.mm
|
View
|
1
2
3
4
5
6
7
8
9
10
11
|
4 chunks |
+9 lines, -3 lines |
0 comments
|
Download
|
|
M |
ios/web/net/cert_host_pair.h
|
View
|
1
2
3
4
5
6
7
8
9
10
11
|
2 chunks |
+11 lines, -5 lines |
0 comments
|
Download
|
|
M |
ios/web/net/cert_host_pair.cc
|
View
|
1
2
3
4
5
6
7
8
9
10
11
|
1 chunk |
+10 lines, -6 lines |
0 comments
|
Download
|
|
M |
ios/web/net/cert_host_pair_unittest.cc
|
View
|
1
2
3
4
5
6
7
8
9
10
11
12
|
5 chunks |
+16 lines, -8 lines |
0 comments
|
Download
|
|
M |
ios/web/net/cert_policy.cc
|
View
|
1
2
3
4
5
6
|
2 chunks |
+5 lines, -5 lines |
0 comments
|
Download
|
|
M |
ios/web/net/cert_store_impl.h
|
View
|
1
2
3
4
5
|
1 chunk |
+22 lines, -1 line |
0 comments
|
Download
|
|
M |
ios/web/net/cert_store_impl.cc
|
View
|
1
2
3
4
5
|
1 chunk |
+26 lines, -8 lines |
0 comments
|
Download
|
|
M |
ios/web/net/request_tracker_impl_unittest.mm
|
View
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
2 chunks |
+4 lines, -4 lines |
0 comments
|
Download
|
|
M |
ios/web/public/cert_policy.h
|
View
|
1
2
3
4
5
6
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
M |
net/cert/cert_verify_proc_nss.cc
|
View
|
|
7 chunks |
+5 lines, -48 lines |
0 comments
|
Download
|
|
M |
net/cert/cert_verify_proc_unittest.cc
|
View
|
1
|
3 chunks |
+6 lines, -11 lines |
0 comments
|
Download
|
|
M |
net/cert/cert_verify_proc_win.cc
|
View
|
1
2
3
4
5
6
7
8
|
1 chunk |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
net/cert/nss_cert_database_unittest.cc
|
View
|
1
2
3
4
5
6
7
|
2 chunks |
+9 lines, -1 line |
0 comments
|
Download
|
|
M |
net/cert/nss_profile_filter_chromeos_unittest.cc
|
View
|
1
2
|
2 chunks |
+11 lines, -1 line |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate.h
|
View
|
1
2
|
4 chunks |
+0 lines, -43 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate.cc
|
View
|
1
2
3
|
9 chunks |
+7 lines, -46 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_ios.cc
|
View
|
1
|
3 chunks |
+10 lines, -27 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_mac.cc
|
View
|
|
4 chunks |
+10 lines, -33 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_nss.cc
|
View
|
1
|
3 chunks |
+12 lines, -30 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_openssl.cc
|
View
|
1
|
3 chunks |
+9 lines, -21 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_unittest.cc
|
View
|
1
|
9 chunks |
+151 lines, -212 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_win.cc
|
View
|
1
2
3
4
5
6
7
8
9
10
|
3 chunks |
+10 lines, -30 lines |
0 comments
|
Download
|
|
M |
net/ssl/client_cert_store_mac.cc
|
View
|
|
1 chunk |
+3 lines, -3 lines |
0 comments
|
Download
|
Total messages: 56 (17 generated)
|