OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
334 if (serial.size() == kComodoSerialBytes) { | 334 if (serial.size() == kComodoSerialBytes) { |
335 for (unsigned i = 0; i < arraysize(kComodoSerials); i++) { | 335 for (unsigned i = 0; i < arraysize(kComodoSerials); i++) { |
336 if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) { | 336 if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) { |
337 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i, | 337 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i, |
338 arraysize(kComodoSerials) + 1); | 338 arraysize(kComodoSerials) + 1); |
339 return true; | 339 return true; |
340 } | 340 } |
341 } | 341 } |
342 } | 342 } |
343 | 343 |
344 /* CloudFlare revoked all certificates issued prior to April 2nd, 2014. Thus | |
wtc
2014/05/02 21:21:16
We should also note when these certificates will a
agl
2014/05/02 23:17:49
Done.
| |
345 * all certificates where the CN ends with ".cloudflare.com" with a prior | |
346 * issuance date are rejected. */ | |
347 const std::string& cn = cert->subject().common_name; | |
348 const std::string kCloudFlareCNSuffix(".cloudflare.com"); | |
Ryan Sleevi
2014/05/02 22:11:33
static const char[] kCloudFlareCNSuffix = ".cloudf
agl
2014/05/02 23:17:49
Done.
| |
349 if (cn.size() > kCloudFlareCNSuffix.size() && | |
350 cn.compare(cn.size() - kCloudFlareCNSuffix.size(), | |
351 kCloudFlareCNSuffix.size(), | |
Ryan Sleevi
2014/05/02 22:11:33
arraysize(kCloudFlareCNSuffix);
agl
2014/05/02 23:17:49
Done.
| |
352 kCloudFlareCNSuffix) == 0) { | |
353 base::Time::Exploded epoch = {0}; | |
354 epoch.year = 2014; | |
355 epoch.month = 4; | |
356 epoch.day_of_month = 2; | |
357 | |
358 if (cert->valid_start() < base::Time::FromUTCExploded(epoch)) { | |
Ryan Sleevi
2014/05/02 22:11:33
Could be more efficient using FromInternalValue()
agl
2014/05/02 23:17:49
Done.
| |
359 return true; | |
360 } | |
Ryan Sleevi
2014/05/02 22:11:33
no braces (consistent with the rest of the file fo
agl
2014/05/02 23:17:49
Kept braces because now it's a single if with a mu
| |
361 } | |
362 | |
344 return false; | 363 return false; |
345 } | 364 } |
346 | 365 |
347 // static | 366 // static |
348 // NOTE: This implementation assumes and enforces that the hashes are SHA1. | 367 // NOTE: This implementation assumes and enforces that the hashes are SHA1. |
349 bool CertVerifyProc::IsPublicKeyBlacklisted( | 368 bool CertVerifyProc::IsPublicKeyBlacklisted( |
350 const HashValueVector& public_key_hashes) { | 369 const HashValueVector& public_key_hashes) { |
351 static const unsigned kNumHashes = 14; | 370 static const unsigned kNumHashes = 14; |
352 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { | 371 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { |
353 // Subject: CN=DigiNotar Root CA | 372 // Subject: CN=DigiNotar Root CA |
535 return true; | 554 return true; |
536 } | 555 } |
537 } | 556 } |
538 } | 557 } |
539 } | 558 } |
540 | 559 |
541 return false; | 560 return false; |
542 } | 561 } |
543 | 562 |
544 } // namespace net | 563 } // namespace net |
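Review bot: The suffix match at new lines 347–352 is byte-exact and looks only at the subject common name, so a certificate from the revoked set whose CN differs in letter case, or that carries its cloudflare.com names only in subjectAltName, would not be rejected by this check. DNS names compare case-insensitively, so a case-insensitive suffix test is the safer form, for example `EndsWith(cn, kCloudFlareCNSuffix, false /* case_sensitive */)` from base/strings/string_util.h; whether SAN-only certificates exist in the revoked set is not visible on this page and is worth confirming. `base::Time::Exploded epoch = {0}` puts the cutoff at 00:00:00 UTC on April 2nd, so a short comment such as `// Cutoff is midnight UTC at the start of 2014-04-02.` would make the boundary explicit. The enclosing function begins above the visible lines.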
OLD | NEW |