Chromium Code Reviews

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)

Created:
3 years, 9 months ago by eroman
Modified:
3 years, 9 months ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/pending/branch-heads/3029
Project:
chromium
Visibility:
Public.

Description

Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying certificates.

The underlying platform verifiers don't do this, which can lead to confusion when trying to enforce policy for SHA1 on the verified chain.

* If the two signature algorithms don't match will fail with ERR_INVALID_CERT.
* If the chain contains a signature algorithm that we don't know how to parse, will also fail with ERR_INVALID_CERT

BUG=690821

Review-Url: https://codereview.chromium.org/2731603002
Cr-Commit-Position: refs/heads/master@{#455682}
(cherry picked from commit a77953fe670968fe6728796b77cedf48f0954d78)

Review-Url: https://codereview.chromium.org/2750723002 .
Cr-Commit-Position: refs/branch-heads/3029@{#166}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

Committed: https://chromium.googlesource.com/chromium/src/+/8f0392d571b728f4a7d02067c129b1a44f3e19c2
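The consistency check this description refers to, sketched as an added example (not code from this change or from Chromium): it byte-compares the AlgorithmIdentifier inside TBSCertificate with the outer Certificate.signatureAlgorithm. `ReadTlv`, `CheckSignatureAlgorithms`, `SampleCert` and the result names are hypothetical, the sample bytes are a constructed skeleton, and comparing raw encodings rather than parsed algorithms is an assumption of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;
enum AlgCheck { kConsistent, kMismatch, kParseError };

// Reads one DER element from `in` at `pos`; fails on truncation or a length wider than 4 bytes.
static bool ReadTlv(const Bytes& in, size_t& pos, uint8_t& tag, Bytes& body) {
  if (in.size() - pos < 2) return false;
  tag = in[pos++];
  size_t len = in[pos++];
  if (len & 0x80) {  // long form: low 7 bits count the length bytes
    size_t n = len & 0x7F;
    if (n == 0 || n > 4 || in.size() - pos < n) return false;
    for (len = 0; n > 0; --n) len = (len << 8) | in[pos++];
  }
  if (in.size() - pos < len) return false;
  body.assign(in.begin() + pos, in.begin() + pos + len);
  pos += len;
  return true;
}

// Compares the AlgorithmIdentifier inside TBSCertificate with the outer one, byte for byte.
AlgCheck CheckSignatureAlgorithms(const Bytes& der) {
  Bytes cert, tbs, inner, outer, skip;
  uint8_t tag = 0;
  size_t pos = 0;
  if (!ReadTlv(der, pos, tag, cert) || tag != 0x30 || pos != der.size()) return kParseError;
  pos = 0;  // Certificate: tbsCertificate, signatureAlgorithm, signatureValue
  if (!ReadTlv(cert, pos, tag, tbs) || tag != 0x30) return kParseError;
  if (!ReadTlv(cert, pos, tag, outer) || tag != 0x30) return kParseError;
  pos = 0;  // TBSCertificate: [0] version (optional), serialNumber, AlgorithmIdentifier, ...
  if (!ReadTlv(tbs, pos, tag, skip)) return kParseError;
  if (tag == 0xA0 && !ReadTlv(tbs, pos, tag, skip)) return kParseError;
  if (tag != 0x02 || !ReadTlv(tbs, pos, tag, inner) || tag != 0x30) return kParseError;
  return inner == outer ? kConsistent : kMismatch;
}

// Constructed skeleton, not a valid certificate. Arguments: 5 = sha1WithRSA, 11 = sha256WithRSA.
Bytes SampleCert(uint8_t inner_alg, uint8_t outer_alg) {
  Bytes out = {0x30, 0x2C, 0x30, 0x17, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01};
  for (uint8_t last : {inner_alg, outer_alg}) {
    const Bytes alg = {0x30, 0x0D, 6, 9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 1, 1, last, 5, 0};
    out.insert(out.end(), alg.begin(), alg.end());
  }
  out.insert(out.end(), {0x03, 0x02, 0x00, 0x00});  // placeholder signatureValue
  return out;
}
```

A skeleton whose inner identifier names SHA-256 while the outer names SHA-1 returns `kMismatch`, the kind of disagreement that would otherwise confuse a SHA1 policy decision.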

Patch Set 1

Stats (+614 lines, -205 lines)
M net/cert/asn1_util.h: 1 chunk, +17 lines, -0 lines
M net/cert/asn1_util.cc: 1 chunk, +52 lines, -0 lines
M net/cert/cert_verify_proc.cc: 3 chunks, +100 lines, -28 lines
M net/cert/cert_verify_proc_mac.cc: 2 chunks, +39 lines, -16 lines
M net/cert/cert_verify_proc_unittest.cc: 2 chunks, +360 lines, -0 lines
M net/cert/internal/signature_algorithm.h: 2 chunks, +8 lines, -1 line
M net/cert/internal/signature_algorithm.cc: 2 chunks, +34 lines, -1 line
M net/cert/internal/verify_certificate_chain.cc: 2 chunks, +4 lines, -15 lines
M net/cert/x509_certificate.h: 2 chunks, +0 lines, -17 lines
M net/cert/x509_certificate_ios.cc: 1 chunk, +0 lines, -23 lines
M net/cert/x509_certificate_mac.cc: 1 chunk, +0 lines, -37 lines
M net/cert/x509_certificate_nss.cc: 1 chunk, +0 lines, -22 lines
M net/cert/x509_certificate_openssl.cc: 1 chunk, +0 lines, -18 lines
M net/cert/x509_certificate_win.cc: 1 chunk, +0 lines, -27 lines

Messages

Total messages: 2 (1 generated)
eroman
3 years, 9 months ago (2017-03-13 21:34:48 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as 8f0392d571b728f4a7d02067c129b1a44f3e19c2.
