DescriptionCheck TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying certificates.
The underlying platform verifiers don't do this, which can lead to
confusion when trying to enforce policy for SHA1 on the verified chain.
* If the two signature algorithms don't match will fail with
ERR_INVALID_CERT.
* If the chain contains a signature algorithm that we don't know how to
parse, will also fail with ERR_INVALID_CERT
BUG=690821
Review-Url: https://codereview.chromium.org/2731603002
Cr-Commit-Position: refs/heads/master@{#455682}
(cherry picked from commit a77953fe670968fe6728796b77cedf48f0954d78)
Review-Url: https://codereview.chromium.org/2750723002 .
Cr-Commit-Position: refs/branch-heads/3029@{#166}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
Committed: https://chromium.googlesource.com/chromium/src/+/8f0392d571b728f4a7d02067c129b1a44f3e19c2
Patch Set 1 #
Messages
Total messages: 2 (1 generated)
|