Index: chrome/browser/safe_browsing/download_protection_service.cc |
diff --git a/chrome/browser/safe_browsing/download_protection_service.cc b/chrome/browser/safe_browsing/download_protection_service.cc |
index cdb87558e9eab975404b2e6fc9823c969d58471d..d0d09bed94c67fd0964bf0a04daa3e73366dec06 100644 |
--- a/chrome/browser/safe_browsing/download_protection_service.cc |
+++ b/chrome/browser/safe_browsing/download_protection_service.cc |
@@ -20,6 +20,7 @@ |
#include "base/metrics/sparse_histogram.h" |
#include "base/rand_util.h" |
#include "base/sequenced_task_runner_helpers.h" |
+#include "base/sha1.h" |
#include "base/stl_util.h" |
#include "base/strings/string_number_conversions.h" |
#include "base/strings/string_split.h" |
@@ -1670,8 +1671,10 @@ void DownloadProtectionService::GetCertificateWhitelistStrings( |
paths_to_check.insert(ou_tokens[i]); |
} |
- std::string issuer_fp = base::HexEncode(issuer.fingerprint().data, |
- sizeof(issuer.fingerprint().data)); |
+ std::string issuer_der; |
+ net::X509Certificate::GetDEREncoded(issuer.os_cert_handle(), &issuer_der); |
Nathan Parker
2016/06/16 18:32:23
Can you verify this produces the same string as be
Ryan Sleevi
2016/06/16 21:16:45
Confirmed.
|
+ std::string hashed = base::SHA1HashString(issuer_der); |
+ std::string issuer_fp = base::HexEncode(hashed.data(), hashed.size()); |
for (std::set<std::string>::iterator it = paths_to_check.begin(); |
it != paths_to_check.end(); ++it) { |
whitelist_strings->push_back("cert/" + issuer_fp + *it); |