Chromium Code Reviews
DescriptionUpdate CertVerifyProcTest.RejectWeakKeys for Sierra (Mac OS 10.12)
Starting with Mac OS 10.12, weak keys result in a kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_INVALID_CERTIFICATE result code and CSSMERR_TP_INVALID_CERTIFICATE chain status codes. This results in a CERT_STATUS_INVALID result of VerifyInternal, but the os-independent ExaminePublicKeys function still adds CERT_STATUS_WEAK_KEY.
(Previously they were a kSecTrustResultRecoverableTrustFailure with a CSSMERR_TP_VERIFY_ACTION_FAILED result code and CSSMERR_CSP_UNSUPPORTED_KEY_SIZE chain status codes, so VerifyInternal could directly map that to CERT_STATUS_WEAK_KEY.)
BUG=629712
Committed: https://crrev.com/c74f2ca3e10529dc7a17eaa0bbcb0c1f8876029b
Cr-Commit-Position: refs/heads/master@{#436823}
Patch Set 1 #
Dependent Patchsets: Messages
Total messages: 13 (8 generated)
|
|||||||||||||||||||