Sign self-signed certs with SHA256.

content/browser/media/webrtc_identity_store.cc

Index: content/browser/media/webrtc_identity_store.cc
===================================================================
--- content/browser/media/webrtc_identity_store.cc	(revision 231602)
+++ content/browser/media/webrtc_identity_store.cc	(working copy)
@@ -39,20 +39,16 @@
   result->error = net::OK;
   int serial_number = base::RandInt(0, std::numeric_limits<int>::max());
 
-  scoped_ptr<crypto::RSAPrivateKey> key(crypto::RSAPrivateKey::Create(1024));
-  if (!key.get()) {
-    DLOG(ERROR) << "Unable to create key pair for client";
-    result->error = net::ERR_KEY_GENERATION_FAILED;
-    return;
-  }
-
+  scoped_ptr<crypto::RSAPrivateKey> key;
   base::Time now = base::Time::Now();
-  bool success = net::x509_util::CreateSelfSignedCert(key.get(),
-                                                      "CN=" + common_name,
-                                                      serial_number,
-                                                      now,
-                                                      now + validity_period,
-                                                      &result->certificate);
+  bool success = net::x509_util::CreateKeyAndSelfSignedCert(

[Ami GONE FROM CHROMIUM, 2013/10/30 19:21:57]

Does this CL change what used to be signed with SHA1 to being signed with
SHA256?  If so, is that a problem for cached identities?  Please get jiayl@'s
signoff on this part of this CL.

[bemasc, 2013/10/30 19:30:49]

This CL is intended not to re-sign any old keys using SHA256.  In the case of
webrtc, the code being replaced here both generates a new keypair and signs the
certificate.  Pre-existing keys should not be affected.

+      "CN=" + common_name,
+      serial_number,
+      now,
+      now + validity_period,
+      &key,
+      &result->certificate);
+
   if (!success) {
     DLOG(ERROR) << "Unable to create x509 cert for client";
     result->error = net::ERR_SELF_SIGNED_CERT_GENERATION_FAILED;