net/cert/cert_verify_proc_win.cc - Issue 2951343002: Remove residual support for SHA-1 public key pins.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/cert_verify_proc_win.cc

Issue 2951343002: Remove residual support for SHA-1 public key pins. (Closed)

Patch Set: Remove the rest of HASH_VALUE_SHA1; respond to comments. Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « net/cert/cert_verify_proc_unittest.cc ('k') | net/data/ssl/name_constrained/2d66a702ae81ba03af8cff55ab318afa919039d9f31b4d64388680f81311b65a.pem » ('j') | net/data/ssl/name_constrained/README.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_win.h"	5 #include "net/cert/cert_verify_proc_win.h"

6	6

7 #include <memory>	7 #include <memory>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 521 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
532 for (DWORD i = 0; i < num_elements; i++) {	532 for (DWORD i = 0; i < num_elements; i++) {

533 PCCERT_CONTEXT cert = element[i]->pCertContext;	533 PCCERT_CONTEXT cert = element[i]->pCertContext;

534	534

535 base::StringPiece der_bytes(	535 base::StringPiece der_bytes(

536 reinterpret_cast<const char*>(cert->pbCertEncoded),	536 reinterpret_cast<const char*>(cert->pbCertEncoded),

537 cert->cbCertEncoded);	537 cert->cbCertEncoded);

538 base::StringPiece spki_bytes;	538 base::StringPiece spki_bytes;

539 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))	539 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))

540 continue;	540 continue;

541	541

542 HashValue sha1(HASH_VALUE_SHA1);

543 base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()),

544 spki_bytes.size(), sha1.data());

545 hashes->push_back(sha1);

546

547 HashValue sha256(HASH_VALUE_SHA256);	542 HashValue sha256(HASH_VALUE_SHA256);

548 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length);	543 crypto::SHA256HashString(spki_bytes, sha256.data(), crypto::kSHA256Length);

549 hashes->push_back(sha256);	544 hashes->push_back(sha256);

550 }	545 }

551 }	546 }

552	547

553 // Returns true if the certificate is an extended-validation certificate.	548 // Returns true if the certificate is an extended-validation certificate.

554 //	549 //

555 // This function checks the certificatePolicies extensions of the	550 // This function checks the certificatePolicies extensions of the

556 // certificates in the certificate chain according to Section 7 (pp. 11-12)	551 // certificates in the certificate chain according to Section 7 (pp. 11-12)

(...skipping 612 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1169 return MapCertStatusToNetError(verify_result->cert_status);	1164 return MapCertStatusToNetError(verify_result->cert_status);

1170	1165

1171 if (ev_policy_oid &&	1166 if (ev_policy_oid &&

1172 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {	1167 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {

1173 verify_result->cert_status \|= CERT_STATUS_IS_EV;	1168 verify_result->cert_status \|= CERT_STATUS_IS_EV;

1174 }	1169 }

1175 return OK;	1170 return OK;

1176 }	1171 }

1177	1172

1178 } // namespace net	1173 } // namespace net

OLD	NEW