Index: ios/web/net/cert_policy.cc |
diff --git a/ios/web/net/cert_policy.cc b/ios/web/net/cert_policy.cc |
index 46d5699de3f00d046137741edd53f924d5614ae6..5855f97b39128df06de3aa48e3c88d2a424d5541 100644 |
--- a/ios/web/net/cert_policy.cc |
+++ b/ios/web/net/cert_policy.cc |
@@ -19,10 +19,9 @@ CertPolicy::~CertPolicy() { |
// |error| is an exact match to or subset of the errors in the saved CertStatus. |
CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert, |
net::CertStatus error) const { |
- std::map<net::SHA1HashValue, |
- net::CertStatus, |
- net::SHA1HashValueLessThan>::const_iterator allowed_iter = |
- allowed_.find(cert->fingerprint()); |
+ auto allowed_iter = |
+ allowed_.find(net::X509Certificate::CalculateChainFingerprint256( |
+ cert->os_cert_handle(), cert->GetIntermediateCertificates())); |
if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) && |
!(~(allowed_iter->second & error) ^ ~error)) { |
return ALLOWED; |
@@ -33,7 +32,8 @@ CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert, |
void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) { |
// If this same cert had already been saved with a different error status, |
// this will replace it with the new error status. |
- allowed_[cert->fingerprint()] = error; |
+ allowed_[net::X509Certificate::CalculateChainFingerprint256( |
+ cert->os_cert_handle(), cert->GetIntermediateCertificates())] = error; |
} |
} // namespace web |