| Index: net/cert/x509_util_openssl.cc
|
| ===================================================================
|
| --- net/cert/x509_util_openssl.cc (revision 229411)
|
| +++ net/cert/x509_util_openssl.cc (working copy)
|
| @@ -15,6 +15,20 @@
|
|
|
| namespace net {
|
|
|
| +namespace {
|
| +
|
| +const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) {
|
| + switch (alg) {
|
| + case x509_util::DIGEST_SHA1:
|
| + return EVP_sha1();
|
| + case x509_util::DIGEST_SHA256:
|
| + return EVP_sha256();
|
| + }
|
| + return NULL;
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| namespace x509_util {
|
|
|
| bool IsSupportedValidityRange(base::Time not_valid_before,
|
| @@ -50,18 +64,19 @@
|
| return true;
|
| }
|
|
|
| -bool CreateDomainBoundCertEC(
|
| - crypto::ECPrivateKey* key,
|
| - const std::string& domain,
|
| - uint32 serial_number,
|
| - base::Time not_valid_before,
|
| - base::Time not_valid_after,
|
| - std::string* der_cert) {
|
| +bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
|
| + DigestAlgorithm alg,
|
| + const std::string& domain,
|
| + uint32 serial_number,
|
| + base::Time not_valid_before,
|
| + base::Time not_valid_after,
|
| + std::string* der_cert) {
|
| NOTIMPLEMENTED();
|
| return false;
|
| }
|
|
|
| bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
|
| + DigestAlgorithm alg,
|
| const std::string& common_name,
|
| uint32 serial_number,
|
| base::Time not_valid_before,
|
| @@ -139,8 +154,15 @@
|
| return false;
|
| }
|
|
|
| + // Get the message digest algorithm
|
| + const EVP_MD* md = ToEVP(alg);
|
| + if (!md) {
|
| + LOG(ERROR) << "Unrecognized hash algorithm.";
|
| + return false;
|
| + }
|
| +
|
| // Sign it with the private key.
|
| - if (!X509_sign(cert.get(), key->key(), EVP_sha1())) {
|
| + if (!X509_sign(cert.get(), key->key(), md)) {
|
| LOG(ERROR) << "Could not sign certificate with key.";
|
| return false;
|
| }
|
|
|
Chromium Code Reviews
Issue 27832002:
Sign self-signed certs with SHA256. (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/