Index: net/cert/x509_util_openssl.cc |
diff --git a/net/cert/x509_util_openssl.cc b/net/cert/x509_util_openssl.cc |
index 4a58262dab682e5f0abd64085c3986bc5de0c39a..72f93f269835f4c42b58016f102144c4cd025438 100644 |
--- a/net/cert/x509_util_openssl.cc |
+++ b/net/cert/x509_util_openssl.cc |
@@ -339,6 +339,14 @@ bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate, |
const EVP_MD* digest_evp_md = nullptr; |
switch (signature_algorithm->digest()) { |
+ case net::DigestAlgorithm::Md2: |
+ case net::DigestAlgorithm::Md4: |
+ // Shouldn't be reachable. |
+ digest_evp_md = nullptr; |
+ break; |
+ |
+ // Per RFC 5929 section 4.1, MD5 and SHA1 map to SHA256. |
+ case net::DigestAlgorithm::Md5: |
case net::DigestAlgorithm::Sha1: |
case net::DigestAlgorithm::Sha256: |
digest_evp_md = EVP_sha256(); |