| OLD | NEW | 
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "net/cert/cert_verify_proc_win.h" | 5 #include "net/cert/cert_verify_proc_win.h" | 
| 6 | 6 | 
| 7 #include <memory> | 7 #include <memory> | 
| 8 #include <string> | 8 #include <string> | 
| 9 #include <vector> | 9 #include <vector> | 
| 10 | 10 | 
| (...skipping 924 matching lines...) |
| 935     if (policies_info.get()) { | 935     if (policies_info.get()) { | 
| 936       EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | 936       EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); | 
| 937       for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { | 937       for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { | 
| 938         LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; | 938         LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; | 
| 939         if (metadata->IsEVPolicyOID(policy_oid)) { | 939         if (metadata->IsEVPolicyOID(policy_oid)) { | 
| 940           ev_policy_oid = policy_oid; | 940           ev_policy_oid = policy_oid; | 
| 941           chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; | 941           chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; | 
| 942           chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; | 942           chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; | 
| 943           chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = | 943           chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = | 
| 944               &ev_policy_oid; | 944               &ev_policy_oid; | 
| 945           break; | 945 | 
|  | 946           // De-prioritize the CA/Browser forum Extended Validation policy | 
|  | 947           // (2.23.140.1.1). See crbug.com/705285. | 
|  | 948           if (!EVRootCAMetadata::IsCaBrowserForumEvOid(ev_policy_oid)) | 
|  | 949             break; | 
| 946         } | 950         } | 
| 947       } | 951       } | 
| 948     } | 952     } | 
| 949   } | 953   } | 
| 950 | 954 | 
| 951   // Revocation checking is always enabled, in order to enable CRLSets to be | 955   // Revocation checking is always enabled, in order to enable CRLSets to be | 
| 952   // evaluated as part of a revocation provider. However, when the caller did | 956   // evaluated as part of a revocation provider. However, when the caller did | 
| 953   // not explicitly request revocation checking (which is to say, online | 957   // not explicitly request revocation checking (which is to say, online | 
| 954   // revocation checking), then only enable cached results. This disables OCSP | 958   // revocation checking), then only enable cached results. This disables OCSP | 
| 955   // and CRL fetching, but still allows the revocation provider to be called. | 959   // and CRL fetching, but still allows the revocation provider to be called. | 
| (...skipping 252 matching lines...) |
| 1208     return MapCertStatusToNetError(verify_result->cert_status); | 1212     return MapCertStatusToNetError(verify_result->cert_status); | 
| 1209 | 1213 | 
| 1210   if (ev_policy_oid && | 1214   if (ev_policy_oid && | 
| 1211       CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 1215       CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 
| 1212     verify_result->cert_status |= CERT_STATUS_IS_EV; | 1216     verify_result->cert_status |= CERT_STATUS_IS_EV; | 
| 1213   } | 1217   } | 
| 1214   return OK; | 1218   return OK; | 
| 1215 } | 1219 } | 
| 1216 | 1220 | 
| 1217 }  // namespace net | 1221 }  // namespace net | 
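Review bot: The comment added at new lines 946–947 says the CA/Browser Forum OID is de-prioritized but not what the loop does as a result, which is the part a reader of this EV-selection code needs. I would spell it out as `// Keep scanning: a later CA-specific EV OID replaces the generic CA/Browser Forum OID (2.23.140.1.1), which is kept only as a fallback. See crbug.com/705285.` The comment should also say that `rgpszUsageIdentifier` holds `&ev_policy_oid`, so reassigning `ev_policy_oid` on a later iteration also changes the issuance policy requested in `chain_para`; the continued scan depends on that aliasing. The enclosing function starts outside the visible lines. No test is visible on this page, so if the change does not already include one, a case with a leaf asserting both OIDs in each order would pin which one reaches `CheckEV` at new line 1215.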