Chromium Code Reviews Chromium Code Reviews
Issue 508823009:
Mark SHA-1 as deprecated (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This is the list of CertStatus flags and their values. | 5 // This is the list of CertStatus flags and their values. |
| 6 // | 6 // |
| 7 // Defines the values using a macro CERT_STATUS_FLAG, | 7 // Defines the values using a macro CERT_STATUS_FLAG, |
| 8 // so it can be expanded differently in some places | 8 // so it can be expanded differently in some places |
| 9 | 9 |
| 10 // The possible status bits for CertStatus. | 10 // The possible status bits for CertStatus. |
| 11 // Bits 0 to 15 are for errors. | 11 // Bits 0 to 15 are for errors. |
| 12 CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0); | 12 CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0); |
| 13 CERT_STATUS_FLAG(DATE_INVALID, 1 << 1); | 13 CERT_STATUS_FLAG(DATE_INVALID, 1 << 1); |
| 14 CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2); | 14 CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2); |
| 15 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). | 15 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). |
| 16 CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4); | 16 CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4); |
| 17 CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5); | 17 CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5); |
| 18 CERT_STATUS_FLAG(REVOKED, 1 << 6); | 18 CERT_STATUS_FLAG(REVOKED, 1 << 6); |
| 19 CERT_STATUS_FLAG(INVALID, 1 << 7); | 19 CERT_STATUS_FLAG(INVALID, 1 << 7); |
| 20 // Weak means "too weak to be used safely" (e.g. MD2, MD5) | 20 // Weak means "too weak to be used safely" (e.g. MD2, MD5) |
| 21 CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8); | 21 CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8); |
| 22 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS | 22 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS |
| 23 CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10); | 23 CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10); |
| 24 CERT_STATUS_FLAG(WEAK_KEY, 1 << 11); | 24 CERT_STATUS_FLAG(WEAK_KEY, 1 << 11); |
| 25 // 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY | 25 // 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY |
| 26 CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13); | 26 CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13); |
| 27 CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14); | 27 CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14); |
| 28 // Deprecated means "Valid beyond the deprecation period" (e.g. SHA-1 in 2017) | |
|
palmer
2014/08/28 21:23:13
Nit: Punctuation
| |
| 29 // If used after the deprecation period, it becomes WEAK_SIGNATURE_ALGORITHM | |
| 30 CERT_STATUS_FLAG(DEPRECATED_SIGNATURE_ALGORITHM, 1 << 15); | |
| 28 | 31 |
| 29 // Bits 16 to 31 are for non-error statuses. | 32 // Bits 16 to 31 are for non-error statuses. |
| 30 CERT_STATUS_FLAG(IS_EV, 1 << 16); | 33 CERT_STATUS_FLAG(IS_EV, 1 << 16); |
| 31 CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17); | 34 CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17); |
| 32 // Bit 18 was CERT_STATUS_IS_DNSSEC | 35 // Bit 18 was CERT_STATUS_IS_DNSSEC |
| 33 | 36 |
| 34 // Bits 32 to 48 are for errors. | 37 // Bits 32 to 48 are for errors. |
| OLD | NEW |
