
Unified Diff: chrome/browser/ui/website_settings/website_settings.cc

Issue 508823009: Mark SHA-1 as deprecated (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1
Patch Set: Moar work Created 6 years, 3 months ago
Index: chrome/browser/ui/website_settings/website_settings.cc
diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc
index df26aea09484c37e76fea5372240fc6e2624ec18..2481d371381a6210a5cff8d56a62b013f6153cc4 100644
--- a/chrome/browser/ui/website_settings/website_settings.cc
+++ b/chrome/browser/ui/website_settings/website_settings.cc
@@ -362,10 +362,16 @@ void WebsiteSettings::Init(Profile* profile,
ssl.signed_certificate_timestamp_ids.end());
}
- if (ssl.cert_id &&
- cert_store_->RetrieveCert(ssl.cert_id, &cert) &&
+ bool was_ssl = ssl.cert_id && cert_store_->RetrieveCert(ssl.cert_id, &cert);
+ bool was_ssl_clean_or_minor_errors =
+ was_ssl &&
(!net::IsCertStatusError(ssl.cert_status) ||
- net::IsCertStatusMinorError(ssl.cert_status))) {
+ net::IsCertStatusMinorError(ssl.cert_status));
+ bool was_ssl_using_deprecated_algorithm =
+ was_ssl_clean_or_minor_errors &&
+ (ssl.cert_status & net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM);
+
+ if (was_ssl_clean_or_minor_errors) {
// There are no major errors. Check for minor errors.
#if defined(OS_CHROMEOS)
policy::PolicyCertService* service =
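Review bot: Whether a certificate flagged with `net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM` ever reaches the `if (was_ssl_clean_or_minor_errors)` branch depends on `net::IsCertStatusMinorError()` accepting that bit, and nothing next to the three new locals records this. The later hunks mask the bit with `net::CERT_STATUS_ALL_ERRORS`, so it appears to count as an error bit; if the helper did not classify it as minor, such a page would fall through to the "HTTP or HTTPS with errors" branch instead. A comment above the locals would pin the assumption, for example `// Relies on net::IsCertStatusMinorError() treating CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM as a minor error.`. `was_ssl` is also true only when the certificate could be retrieved from the store, so a name such as `has_cert` would describe it more accurately. WebsiteSettings::Init starts before this hunk and continues after it.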
@@ -378,7 +384,9 @@ void WebsiteSettings::Init(Profile* profile,
site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT;
site_identity_details_ = l10n_util::GetStringFUTF16(
IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host()));
- } else if (net::IsCertStatusMinorError(ssl.cert_status)) {
+ } else if (net::IsCertStatusMinorError(ssl.cert_status) &&
+ (ssl.cert_status & net::CERT_STATUS_ALL_ERRORS) !=
+ net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM) {
site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN;
base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
if (issuer_name.empty()) {
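Review bot: A status that carries the deprecated-algorithm bit together with another minor error still takes this `else if` branch, because the added comparison only excludes the case where `net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM` is the sole error bit. The deprecation status and text are applied only inside the final `else` in the third hunk, so for that combination the page info would report the revocation problem and say nothing about the weak signature; the ChromeOS policy-certificate branch above appears to skip the notice in the same way. Moving the `if (was_ssl_using_deprecated_algorithm) { ... }` block to after the whole if/else chain would append the notice in every case, together with an explicit decision on which `site_identity_status_` value wins when both conditions apply. Part of this branch's body lies between the hunks and is not visible here, so this should be confirmed against the full function.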
@@ -401,50 +409,62 @@ void WebsiteSettings::Init(Profile* profile,
} else {
NOTREACHED() << "Need to specify string for this warning";
}
- } else if (ssl.cert_status & net::CERT_STATUS_IS_EV) {
- // EV HTTPS page.
- site_identity_status_ = GetSiteIdentityStatusByCTInfo(
- ssl.signed_certificate_timestamp_ids, true);
- DCHECK(!cert->subject().organization_names.empty());
- organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
- // An EV Cert is required to have a city (localityName) and country but
- // state is "if any".
- DCHECK(!cert->subject().locality_name.empty());
- DCHECK(!cert->subject().country_name.empty());
- base::string16 locality;
- if (!cert->subject().state_or_province_name.empty()) {
- locality = l10n_util::GetStringFUTF16(
- IDS_PAGEINFO_ADDRESS,
- UTF8ToUTF16(cert->subject().locality_name),
- UTF8ToUTF16(cert->subject().state_or_province_name),
- UTF8ToUTF16(cert->subject().country_name));
+ } else {
+ DCHECK(!net::IsCertStatusError(ssl.cert_status) ||
+ (ssl.cert_status & net::CERT_STATUS_ALL_ERRORS) ==
+ net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM);
+ if (ssl.cert_status & net::CERT_STATUS_IS_EV) {
+ // EV HTTPS page.
+ site_identity_status_ = GetSiteIdentityStatusByCTInfo(
+ ssl.signed_certificate_timestamp_ids, true);
+ DCHECK(!cert->subject().organization_names.empty());
+ organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
+ // An EV Cert is required to have a city (localityName) and country but
+ // state is "if any".
+ DCHECK(!cert->subject().locality_name.empty());
+ DCHECK(!cert->subject().country_name.empty());
+ base::string16 locality;
+ if (!cert->subject().state_or_province_name.empty()) {
+ locality = l10n_util::GetStringFUTF16(
+ IDS_PAGEINFO_ADDRESS,
+ UTF8ToUTF16(cert->subject().locality_name),
+ UTF8ToUTF16(cert->subject().state_or_province_name),
+ UTF8ToUTF16(cert->subject().country_name));
+ } else {
+ locality = l10n_util::GetStringFUTF16(
+ IDS_PAGEINFO_PARTIAL_ADDRESS,
+ UTF8ToUTF16(cert->subject().locality_name),
+ UTF8ToUTF16(cert->subject().country_name));
+ }
+ DCHECK(!cert->subject().organization_names.empty());
+ site_identity_details_.assign(l10n_util::GetStringFUTF16(
+ GetSiteIdentityDetailsMessageByCTInfo(
+ ssl.signed_certificate_timestamp_ids, true /* is EV */),
+ UTF8ToUTF16(cert->subject().organization_names[0]),
+ locality,
+ UTF8ToUTF16(cert->issuer().GetDisplayName())));
} else {
- locality = l10n_util::GetStringFUTF16(
- IDS_PAGEINFO_PARTIAL_ADDRESS,
- UTF8ToUTF16(cert->subject().locality_name),
- UTF8ToUTF16(cert->subject().country_name));
+ // Non-EV OK HTTPS page.
+ site_identity_status_ = GetSiteIdentityStatusByCTInfo(
+ ssl.signed_certificate_timestamp_ids, false);
+ base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
+ if (issuer_name.empty()) {
+ issuer_name.assign(l10n_util::GetStringUTF16(
+ IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+ }
+
+ site_identity_details_.assign(l10n_util::GetStringFUTF16(
+ GetSiteIdentityDetailsMessageByCTInfo(
+ ssl.signed_certificate_timestamp_ids, false /* not EV */),
+ issuer_name));
}
- DCHECK(!cert->subject().organization_names.empty());
- site_identity_details_.assign(l10n_util::GetStringFUTF16(
- GetSiteIdentityDetailsMessageByCTInfo(
- ssl.signed_certificate_timestamp_ids, true /* is EV */),
- UTF8ToUTF16(cert->subject().organization_names[0]),
- locality,
- UTF8ToUTF16(cert->issuer().GetDisplayName())));
- } else {
- // Non-EV OK HTTPS page.
- site_identity_status_ = GetSiteIdentityStatusByCTInfo(
- ssl.signed_certificate_timestamp_ids, false);
- base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
- if (issuer_name.empty()) {
- issuer_name.assign(l10n_util::GetStringUTF16(
- IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+ if (was_ssl_using_deprecated_algorithm) {
+ site_identity_status_ =
+ SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
+ site_identity_details_ += UTF8ToUTF16("\n\n");
+ site_identity_details_ += l10n_util::GetStringUTF16(
+ IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM);
}
-
- site_identity_details_.assign(l10n_util::GetStringFUTF16(
- GetSiteIdentityDetailsMessageByCTInfo(
- ssl.signed_certificate_timestamp_ids, false /* not EV */),
- issuer_name));
}
} else {
// HTTP or HTTPS with errors (not warnings).
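Review bot: The new `if (was_ssl_using_deprecated_algorithm)` block overwrites `site_identity_status_` unconditionally, discarding whatever `GetSiteIdentityStatusByCTInfo()` returned a few lines earlier in both the EV and the non-EV case. If that helper can return a status more severe than the deprecation warning, the override would downgrade it; its return values are not visible in this diff, so this needs checking. Either guard the assignment or state the intended precedence in a comment, e.g. `// A deprecated signature algorithm takes precedence over the CT-derived status.`. The `DCHECK` at the top of this `else` is normally compiled out of release builds, so it documents the "only the deprecated bit is set" invariant without enforcing it.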
