
Side by Side Diff: net/cert/cert_verify_proc_mac.cc

Issue 2781093003: De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)
Patch Set: Created 3 years, 8 months ago
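--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
@@ -331,21 +331,25 @@
 }
 
 std::vector<der::Input> policies;
 if (!ParseCertificatePoliciesExtension(extension_value, &policies))
 return;
 
 EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance();
 for (const der::Input& policy_oid : policies) {
 if (metadata->IsEVPolicyOID(policy_oid)) {
 *ev_policy_oid = policy_oid.AsString();
-return;
+
+// De-prioritize the CA/Browser forum Extended Validation policy
+// (2.23.140.1.1). See crbug.com/705285.
+if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_oid))
+break;
 }
 }
 }
 
 // Checks that the certificate chain of |cert| has policies consistent with
 // |ev_policy_oid_string|. The leaf is not checked, as it is assumed that is
 // where the policy came from.
 bool CheckCertChainEV(const X509Certificate* cert,
 const std::string& ev_policy_oid_string) {
 der::Input ev_policy_oid(&ev_policy_oid_string);
@@ -1096,10 +1100,10 @@
 // EV cert and it was covered by CRLSets or revocation checking passed.
 verify_result->cert_status |= CERT_STATUS_IS_EV;
 }
 
 return OK;
 }
 
 } // namespace net
 
 #pragma clang diagnostic pop // "-Wdeprecated-declarations"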
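Review bot: The comment added above the `IsCaBrowserForumEvOid` check names the OID being de-prioritized but not the selection rule that results, and that rule decides which policy the EV checks are made against (presumably the value later handed to `CheckCertChainEV`). I would state it outright, e.g. `// Keep 2.23.140.1.1 only as a fallback: keep scanning so that a CA-specific EV OID later in the extension replaces it.` The loop still stops at the first CA-specific EV OID, so a leaf listing several recognised EV OIDs is resolved purely by their order in the extension. A test covering the generic OID placed both before and after a CA-specific one would pin that down, if the patch set does not already include one. The enclosing function begins above the hunk, so whether `*ev_policy_oid` is cleared on entry cannot be confirmed from here.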