| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 X509* cert = sk_X509_value(chain, i); | 101 X509* cert = sk_X509_value(chain, i); |
| 102 if (i == 0) { | 102 if (i == 0) { |
| 103 verified_cert = cert; | 103 verified_cert = cert; |
| 104 } else { | 104 } else { |
| 105 verified_chain.push_back(cert); | 105 verified_chain.push_back(cert); |
| 106 } | 106 } |
| 107 | 107 |
| 108 // Only check the algorithm status for certificates that are not in the | 108 // Only check the algorithm status for certificates that are not in the |
| 109 // trust store. | 109 // trust store. |
| 110 if (i < static_cast<size_t>(store_ctx->last_untrusted)) { | 110 if (i < static_cast<size_t>(store_ctx->last_untrusted)) { |
| 111 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); | 111 FillCertVerifyResultWeakSignature(cert, i == 0, verify_result); |
| 112 if (sig_alg == NID_md2WithRSAEncryption) { | |
| 113 verify_result->has_md2 = true; | |
| 114 } else if (sig_alg == NID_md4WithRSAEncryption) { | |
| 115 verify_result->has_md4 = true; | |
| 116 } else if (sig_alg == NID_md5WithRSAEncryption || | |
| 117 sig_alg == NID_md5WithRSA) { | |
| 118 verify_result->has_md5 = true; | |
| 119 } else if (sig_alg == NID_sha1WithRSAEncryption || | |
| 120 sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 || | |
| 121 sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA || | |
| 122 sig_alg == NID_ecdsa_with_SHA1) { | |
| 123 verify_result->has_sha1 = true; | |
| 124 if (i == 0) | |
| 125 verify_result->has_sha1_leaf = true; | |
| 126 } | |
| 127 } | 112 } |
| 128 } | 113 } |
| 129 | 114 |
| 130 // Set verify_result->verified_cert and | 115 // Set verify_result->verified_cert and |
| 131 // verify_result->is_issued_by_known_root. | 116 // verify_result->is_issued_by_known_root. |
| 132 if (verified_cert) { | 117 if (verified_cert) { |
| 133 verify_result->verified_cert = | 118 verify_result->verified_cert = |
| 134 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 119 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 135 | 120 |
| 136 // For OpenSSL builds, only certificates used for unit tests are treated | 121 // For OpenSSL builds, only certificates used for unit tests are treated |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 240 | 225 |
| 241 GetCertChainInfo(ctx.get(), verify_result); | 226 GetCertChainInfo(ctx.get(), verify_result); |
| 242 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); | 227 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
| 243 if (IsCertStatusError(verify_result->cert_status)) | 228 if (IsCertStatusError(verify_result->cert_status)) |
| 244 return MapCertStatusToNetError(verify_result->cert_status); | 229 return MapCertStatusToNetError(verify_result->cert_status); |
| 245 | 230 |
| 246 return OK; | 231 return OK; |
| 247 } | 232 } |
| 248 | 233 |
| 249 } // namespace net | 234 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2610903003:
[refactor] Extract the CertVerifyResult assignment of has_md2, has_md4, (Closed)
