Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_status_flags.cc

Issue 508823009: Mark SHA-1 as deprecated (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1
Patch Set: Moar work Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/ssl/ssl_policy.cc ('K') | « net/base/net_error_list.h ('k') | net/cert/cert_status_flags_list.h » ('j') | net/cert/cert_status_flags_list.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_status_flags.h" 5 #include "net/cert/cert_status_flags.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/base/net_errors.h" 8 #include "net/base/net_errors.h"
9 9
10 namespace net { 10 namespace net {
11 11
12 bool IsCertStatusMinorError(CertStatus cert_status) { 12 bool IsCertStatusMinorError(CertStatus cert_status) {
davidben 2014/09/26 20:09:24 Given all the places that are now checking both, p
13 static const CertStatus kMinorErrors = 13 static const CertStatus kMinorErrors =
14 CERT_STATUS_UNABLE_TO_CHECK_REVOCATION | 14 CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
15 CERT_STATUS_NO_REVOCATION_MECHANISM; 15 CERT_STATUS_NO_REVOCATION_MECHANISM |
16 CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
16 cert_status &= CERT_STATUS_ALL_ERRORS; 17 cert_status &= CERT_STATUS_ALL_ERRORS;
17 return cert_status != 0 && (cert_status & ~kMinorErrors) == 0; 18 return cert_status != 0 && (cert_status & ~kMinorErrors) == 0;
18 } 19 }
19 20
20 CertStatus MapNetErrorToCertStatus(int error) { 21 CertStatus MapNetErrorToCertStatus(int error) {
21 switch (error) { 22 switch (error) {
22 case ERR_CERT_COMMON_NAME_INVALID: 23 case ERR_CERT_COMMON_NAME_INVALID:
23 return CERT_STATUS_COMMON_NAME_INVALID; 24 return CERT_STATUS_COMMON_NAME_INVALID;
24 case ERR_CERT_DATE_INVALID: 25 case ERR_CERT_DATE_INVALID:
25 return CERT_STATUS_DATE_INVALID; 26 return CERT_STATUS_DATE_INVALID;
(...skipping 16 matching lines...) Expand all
42 case ERR_CERT_WEAK_SIGNATURE_ALGORITHM: 43 case ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
43 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; 44 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
44 case ERR_CERT_NON_UNIQUE_NAME: 45 case ERR_CERT_NON_UNIQUE_NAME:
45 return CERT_STATUS_NON_UNIQUE_NAME; 46 return CERT_STATUS_NON_UNIQUE_NAME;
46 case ERR_CERT_WEAK_KEY: 47 case ERR_CERT_WEAK_KEY:
47 return CERT_STATUS_WEAK_KEY; 48 return CERT_STATUS_WEAK_KEY;
48 case ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: 49 case ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
49 return CERT_STATUS_PINNED_KEY_MISSING; 50 return CERT_STATUS_PINNED_KEY_MISSING;
50 case ERR_CERT_NAME_CONSTRAINT_VIOLATION: 51 case ERR_CERT_NAME_CONSTRAINT_VIOLATION:
51 return CERT_STATUS_NAME_CONSTRAINT_VIOLATION; 52 return CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
53 case ERR_CERT_DEPRECATED_SIGNATURE_ALGORITHM:
54 return CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
52 default: 55 default:
53 return 0; 56 return 0;
54 } 57 }
55 } 58 }
56 59
57 int MapCertStatusToNetError(CertStatus cert_status) { 60 int MapCertStatusToNetError(CertStatus cert_status) {
58 // A certificate may have multiple errors. We report the most 61 // A certificate may have multiple errors. We report the most
59 // serious error. 62 // serious error.
60 63
61 // Unrecoverable errors 64 // Unrecoverable errors
(...skipping 18 matching lines...) Expand all
80 if (cert_status & CERT_STATUS_WEAK_KEY) 83 if (cert_status & CERT_STATUS_WEAK_KEY)
81 return ERR_CERT_WEAK_KEY; 84 return ERR_CERT_WEAK_KEY;
82 if (cert_status & CERT_STATUS_DATE_INVALID) 85 if (cert_status & CERT_STATUS_DATE_INVALID)
83 return ERR_CERT_DATE_INVALID; 86 return ERR_CERT_DATE_INVALID;
84 87
85 // Unknown status. Give it the benefit of the doubt. 88 // Unknown status. Give it the benefit of the doubt.
86 if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) 89 if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
87 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; 90 return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
88 if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM) 91 if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
89 return ERR_CERT_NO_REVOCATION_MECHANISM; 92 return ERR_CERT_NO_REVOCATION_MECHANISM;
93 if (cert_status & CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM)
94 return ERR_CERT_DEPRECATED_SIGNATURE_ALGORITHM;
90 95
91 NOTREACHED(); 96 NOTREACHED();
92 return ERR_UNEXPECTED; 97 return ERR_UNEXPECTED;
93 } 98 }
94 99
95 } // namespace net 100 } // namespace net
OLDNEW
« content/browser/ssl/ssl_policy.cc ('K') | « net/base/net_error_list.h ('k') | net/cert/cert_status_flags_list.h » ('j') | net/cert/cert_status_flags_list.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698