Chromium Code Reviews

Unified Diff: net/cert/cert_verify_proc_nss.cc

Issue 2772283004: De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)
Patch Set: fix win compile Created 3 years, 9 months ago
Index: net/cert/cert_verify_proc_nss.cc
diff --git a/net/cert/cert_verify_proc_nss.cc b/net/cert/cert_verify_proc_nss.cc
index 27558f79d36a4a73e1010cf975d53357b083e47f..8357b78f249b55887701410509d8039ef1ea0471 100644
--- a/net/cert/cert_verify_proc_nss.cc
+++ b/net/cert/cert_verify_proc_nss.cc
@@ -660,6 +660,7 @@ void AppendPublicKeyHashes(CERTCertList* cert_list,
bool IsEVCandidate(EVRootCAMetadata* metadata,
CERTCertificate* cert_handle,
SECOidTag* ev_policy_oid) {
+ *ev_policy_oid = SEC_OID_UNKNOWN;
DCHECK(cert_handle);
ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle));
if (!policies.get())
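Review bot: the new `*ev_policy_oid = SEC_OID_UNKNOWN;` at the top of IsEVCandidate dereferences the out-parameter with no check of its own, and it sits above `DCHECK(cert_handle)`. Consider adding `DCHECK(ev_policy_oid);` next to the existing DCHECK, and a sentence in the function comment saying the out-parameter is reset to SEC_OID_UNKNOWN on every call, including when `!policies.get()`, so callers do not assume a previous value survives a failed lookup.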
@@ -674,11 +675,15 @@ bool IsEVCandidate(EVRootCAMetadata* metadata,
continue;
if (metadata->IsEVPolicyOID(policy_info->oid)) {
*ev_policy_oid = policy_info->oid;
- return true;
+
+ // De-prioritize the CA/Browser forum Extended Validation policy
+ // (2.23.140.1.1). See crbug.com/705285.
+ if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_info->oid))
+ break;
}
}
- return false;
+ return *ev_policy_oid != SEC_OID_UNKNOWN;
}
// Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp
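Review bot: in the loop body, replacing `return true` with the conditional `break` makes the result depend on policy order in a way the comment does not spell out. A 2.23.140.1.1 match is stored and scanning continues, so any later EV OID overwrites it, while the first EV OID that is not the CA/Browser Forum one stops the loop. Suggest extending the comment to say the CA/Browser Forum OID is kept only as a fallback when no other EV policy is present, and noting that the final `return *ev_policy_oid != SEC_OID_UNKNOWN;` is correct only because the out-parameter is set to SEC_OID_UNKNOWN at function entry. As a style point, the blank added line after `*ev_policy_oid = policy_info->oid;` can be dropped.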