OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
6 | 6 |
7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
110 } | 110 } |
111 | 111 |
112 // Only check the algorithm status for certificates that are not in the | 112 // Only check the algorithm status for certificates that are not in the |
113 // trust store. | 113 // trust store. |
114 if (i < static_cast<size_t>(store_ctx->last_untrusted)) { | 114 if (i < static_cast<size_t>(store_ctx->last_untrusted)) { |
115 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); | 115 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); |
116 if (sig_alg == NID_md2WithRSAEncryption) { | 116 if (sig_alg == NID_md2WithRSAEncryption) { |
117 verify_result->has_md2 = true; | 117 verify_result->has_md2 = true; |
118 } else if (sig_alg == NID_md4WithRSAEncryption) { | 118 } else if (sig_alg == NID_md4WithRSAEncryption) { |
119 verify_result->has_md4 = true; | 119 verify_result->has_md4 = true; |
120 } else if (sig_alg == NID_md5WithRSAEncryption) { | 120 } else if (sig_alg == NID_md5WithRSAEncryption || |
121 sig_alg == NID_md5WithRSA) { | |
121 verify_result->has_md5 = true; | 122 verify_result->has_md5 = true; |
123 } else if (sig_alg == NID_sha1WithRSAEncryption || | |
124 sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 || | |
125 sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA || | |
davidben
2014/08/28 19:42:08
Aside: BoringSSL actually can't verify DSA signatu
Ryan Sleevi
2014/09/26 20:18:43
Right, I'm fairly certain it will be an error befo
| |
126 sig_alg == NID_ecdsa_with_SHA1) { | |
127 verify_result->has_sha1 = true; | |
122 } | 128 } |
123 } | 129 } |
124 } | 130 } |
125 | 131 |
126 // Set verify_result->verified_cert and | 132 // Set verify_result->verified_cert and |
127 // verify_result->is_issued_by_known_root. | 133 // verify_result->is_issued_by_known_root. |
128 if (verified_cert) { | 134 if (verified_cert) { |
129 verify_result->verified_cert = | 135 verify_result->verified_cert = |
130 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 136 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
131 | 137 |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
232 | 238 |
233 GetCertChainInfo(ctx.get(), verify_result); | 239 GetCertChainInfo(ctx.get(), verify_result); |
234 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); | 240 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
235 if (IsCertStatusError(verify_result->cert_status)) | 241 if (IsCertStatusError(verify_result->cert_status)) |
236 return MapCertStatusToNetError(verify_result->cert_status); | 242 return MapCertStatusToNetError(verify_result->cert_status); |
237 | 243 |
238 return OK; | 244 return OK; |
239 } | 245 } |
240 | 246 |
241 } // namespace net | 247 } // namespace net |
OLD | NEW |