Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(52)

Unified Diff: net/cert/cert_verify_proc.h

Issue 20628006: Reject certificates that are valid for too long. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase?! In our moment of triumph?! Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/cert/cert_verify_proc.h
diff --git a/net/cert/cert_verify_proc.h b/net/cert/cert_verify_proc.h
index 95e464e1595b97fe627c33fee9cfa39a095489f8..f60ed6d9232631f1ae2e0fcefb27a373bfe20d08 100644
--- a/net/cert/cert_verify_proc.h
+++ b/net/cert/cert_verify_proc.h
@@ -73,6 +73,7 @@ class NET_EXPORT CertVerifyProc
private:
friend class base::RefCountedThreadSafe<CertVerifyProc>;
FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
+ FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity);
// Performs the actual verification using the desired underlying
// cryptographic library.
@@ -99,6 +100,18 @@ class NET_EXPORT CertVerifyProc
const std::vector<std::string>& dns_names,
const std::vector<std::string>& ip_addrs);
+ // The CA/Browser Forum's Baseline Requirements specify maximum validity
+ // periods (https://cabforum.org/Baseline_Requirements_V1.pdf):
+ //
+ // For certificates issued after 1 July 2012: 60 months.
+ // For certificates issued after 1 April 2015: 39 months.
+ //
+ // For certificates issued before the BRs took effect, there were no
+ // guidelines, but clamp them at a maximum of 10 year validity, with the
+ // requirement they expire within 7 years after the effective date of the BRs
+ // (i.e. by 1 July 2019).
+ static bool HasTooLongValidity(const X509Certificate& cert);
+
DISALLOW_COPY_AND_ASSIGN(CertVerifyProc);
};

Powered by Google App Engine
This is Rietveld 408576698