OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 495 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
506 cert->GetSubjectAltName(&dns_names, &ip_addrs); | 506 cert->GetSubjectAltName(&dns_names, &ip_addrs); |
507 if (HasNameConstraintsViolation(verify_result->public_key_hashes, | 507 if (HasNameConstraintsViolation(verify_result->public_key_hashes, |
508 cert->subject().common_name, | 508 cert->subject().common_name, |
509 dns_names, | 509 dns_names, |
510 ip_addrs)) { | 510 ip_addrs)) { |
511 verify_result->cert_status |= CERT_STATUS_NAME_CONSTRAINT_VIOLATION; | 511 verify_result->cert_status |= CERT_STATUS_NAME_CONSTRAINT_VIOLATION; |
512 rv = MapCertStatusToNetError(verify_result->cert_status); | 512 rv = MapCertStatusToNetError(verify_result->cert_status); |
513 } | 513 } |
514 | 514 |
515 if (IsNonWhitelistedCertificate(*verify_result->verified_cert, | 515 if (IsNonWhitelistedCertificate(*verify_result->verified_cert, |
516 verify_result->public_key_hashes)) { | 516 verify_result->public_key_hashes, hostname)) { |
517 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; | 517 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; |
518 rv = MapCertStatusToNetError(verify_result->cert_status); | 518 rv = MapCertStatusToNetError(verify_result->cert_status); |
519 } | 519 } |
520 | 520 |
521 // Check for weak keys in the entire verified chain. | 521 // Check for weak keys in the entire verified chain. |
522 bool weak_key = ExaminePublicKeys(verify_result->verified_cert, | 522 bool weak_key = ExaminePublicKeys(verify_result->verified_cert, |
523 verify_result->is_issued_by_known_root); | 523 verify_result->is_issued_by_known_root); |
524 | 524 |
525 if (weak_key) { | 525 if (weak_key) { |
526 verify_result->cert_status |= CERT_STATUS_WEAK_KEY; | 526 verify_result->cert_status |= CERT_STATUS_WEAK_KEY; |
(...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
833 return true; | 833 return true; |
834 | 834 |
835 return false; | 835 return false; |
836 } | 836 } |
837 | 837 |
838 // static | 838 // static |
839 const base::Feature CertVerifyProc::kSHA1LegacyMode{ | 839 const base::Feature CertVerifyProc::kSHA1LegacyMode{ |
840 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; | 840 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; |
841 | 841 |
842 } // namespace net | 842 } // namespace net |
OLD | NEW |