chrome/browser/ssl/ssl_error_info.cc - Issue 20628006: Reject certificates that are valid for too long.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/ssl/ssl_error_info.cc

Issue 20628006: Reject certificates that are valid for too long. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: "Manual rebase" due to age. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/ssl/ssl_error_info.cc

diff --git a/chrome/browser/ssl/ssl_error_info.cc b/chrome/browser/ssl/ssl_error_info.cc

index 9737bdf6642ba5217b05e3e8099fc6f974bb55c5..1066a2fbf0406a793bca3a2de7ad549effc87a35 100644

--- a/chrome/browser/ssl/ssl_error_info.cc

+++ b/chrome/browser/ssl/ssl_error_info.cc

@@ -145,6 +145,19 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type,

short_description = l10n_util::GetStringUTF16(

IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);

break;

+ case CERT_TOO_LONG_VALIDITY:

+ title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_TOO_LONG_VALIDITY_TITLE);

+ details = l10n_util::GetStringFUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_DETAILS,

+ UTF8ToUTF16(request_url.host()));

+ short_description = l10n_util::GetStringUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_DESCRIPTION);

+ extra_info.push_back(

+ l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1));

+ extra_info.push_back(

+ l10n_util::GetStringUTF16(

+ IDS_CERT_ERROR_TOO_LONG_VALIDITY_EXTRA_INFO_2));

+ break;

case CERT_PINNED_KEY_MISSING:

details = l10n_util::GetStringUTF16(

IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);

@@ -191,6 +204,8 @@ SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) {

return CERT_WEAK_KEY;

case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:

return CERT_NAME_CONSTRAINT_VIOLATION;

+ case net::ERR_CERT_TOO_LONG_VALIDITY:

+ return CERT_TOO_LONG_VALIDITY;

case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:

return CERT_WEAK_KEY_DH;

case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:

@@ -217,6 +232,7 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,

net::CERT_STATUS_WEAK_KEY,

net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,

+ net::CERT_STATUS_TOO_LONG_VALIDITY,

};

const ErrorType kErrorTypes[] = {

@@ -230,6 +246,7 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

CERT_WEAK_SIGNATURE_ALGORITHM,

CERT_WEAK_KEY,

CERT_NAME_CONSTRAINT_VIOLATION,

+ CERT_TOO_LONG_VALIDITY,

};

DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));

@@ -243,9 +260,10 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,

cert_id, &cert);

DCHECK(r);

}

- if (errors)

+ if (errors) {

errors->push_back(

SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url));

+ }

}

return count;

« no previous file with comments | « chrome/browser/ssl/ssl_error_info.h ('k') | content/browser/ssl/ssl_policy.cc » ('j') | net/base/net_error_list.h » ('J')