chrome/browser/ssl/ssl_error_info.cc - Issue 20628006: Reject certificates that are valid for too long.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/ssl/ssl_error_info.cc

Issue 20628006: Reject certificates that are valid for too long. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase?! In our moment of triumph?! Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/ssl/ssl_error_info.cc

diff --git a/chrome/browser/ssl/ssl_error_info.cc b/chrome/browser/ssl/ssl_error_info.cc

index 4a9060ac2afc2c93f7fffff31640ad23f2b31776..509f08354afd43ecb829562b468d511c171b77ca 100644

--- a/chrome/browser/ssl/ssl_error_info.cc

+++ b/chrome/browser/ssl/ssl_error_info.cc

@@ -226,6 +226,19 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type,

IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);

short_description = l10n_util::GetStringUTF16(

IDS_ERRORPAGES_DETAILS_PINNING_FAILURE);

+ case CERT_TOO_LONG_VALIDITY:

+ title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_TOO_LONG_VALIDITY_TITLE);

+ details = l10n_util::GetStringFUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_DETAILS,

+ UTF8ToUTF16(request_url.host()));

+ short_description = l10n_util::GetStringUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_DESCRIPTION);

+ extra_info.push_back(

+ l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));

+ extra_info.push_back(

+ l10n_util::GetStringUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_EXTRA_INFO_2));

+ break;

case UNKNOWN:

title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_TITLE);

details = l10n_util::GetStringUTF16(IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS);

@@ -270,6 +283,8 @@ SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) {

return CERT_WEAK_KEY_DH;

case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:

return CERT_PINNED_KEY_MISSING;

+ case net::ERR_CERT_TOO_LONG_VALIDITY:

+ return CERT_TOO_LONG_VALIDITY;

default:

NOTREACHED();

return UNKNOWN;

@@ -292,6 +307,7 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,

net::CERT_STATUS_WEAK_KEY,

net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,

+ net::CERT_STATUS_TOO_LONG_VALIDITY

};

const ErrorType kErrorTypes[] = {

@@ -305,6 +321,7 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

CERT_WEAK_SIGNATURE_ALGORITHM,

CERT_WEAK_KEY,

CERT_NAME_CONSTRAINT_VIOLATION,

+ CERT_TOO_LONG_VALIDITY

};

DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));

@@ -318,9 +335,10 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

cert_id, &cert);

DCHECK(r);

}

- if (errors)

+ if (errors) {

errors->push_back(

SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url));

+ }

}

return count;

« no previous file with comments | « chrome/browser/ssl/ssl_error_info.h ('k') | content/browser/ssl/ssl_policy.cc » ('j') | net/cert/cert_verify_proc.cc » ('J')