Index: net/cert/cert_verify_proc_android.cc |
diff --git a/net/cert/cert_verify_proc_android.cc b/net/cert/cert_verify_proc_android.cc |
index bd747267a2e0c293465020e2ff35497d806f8c74..8bd7e54f2f417cd12c9cb69f7bbdca20fb6c109f 100644 |
--- a/net/cert/cert_verify_proc_android.cc |
+++ b/net/cert/cert_verify_proc_android.cc |
@@ -4,6 +4,8 @@ |
#include "net/cert/cert_verify_proc_android.h" |
+#include <openssl/x509v3.h> |
+ |
#include <string> |
#include <vector> |
@@ -71,6 +73,38 @@ bool VerifyFromAndroidTrustManager(const std::vector<std::string>& cert_bytes, |
verify_result->verified_cert = verified_cert; |
} |
+ // Extract the algorithm information from the certs |
+ X509Certificate::OSCertHandles chain; |
+ const X509Certificate::OSCertHandles& intermediates = |
+ verify_result->verified_cert->GetIntermediateCertificates(); |
+ chain.push_back(verify_result->verified_cert->os_cert_handle()); |
+ chain.insert(chain.end(), intermediates.begin(), intermediates.end()); |
+ |
+ // If a root certificate is present, ignore its signature algorithm. If it |
+ // is unclear whether or not a root is present, assume the chain is a full, |
+ // but unverified, chain. |
davidben
2014/08/28 19:42:08
Is this comment accurate? If we were unable to bui
|
+ size_t correction_for_root = |
+ (verify_result->cert_status & |
+ (CERT_STATUS_AUTHORITY_INVALID | CERT_STATUS_INVALID)) |
+ ? 0 |
+ : 1; |
+ for (size_t i = 0; i < chain.size() - correction_for_root; ++i) { |
+ int sig_alg = OBJ_obj2nid(chain[i]->sig_alg->algorithm); |
+ if (sig_alg == NID_md2WithRSAEncryption) { |
+ verify_result->has_md2 = true; |
+ } else if (sig_alg == NID_md4WithRSAEncryption) { |
+ verify_result->has_md4 = true; |
+ } else if (sig_alg == NID_md5WithRSAEncryption || |
+ sig_alg == NID_md5WithRSA) { |
+ verify_result->has_md5 = true; |
+ } else if (sig_alg == NID_sha1WithRSAEncryption || |
+ sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 || |
+ sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA || |
+ sig_alg == NID_ecdsa_with_SHA1) { |
+ verify_result->has_sha1 = true; |
+ } |
+ } |
+ |
// Extract the public key hashes. |
for (size_t i = 0; i < verified_chain.size(); i++) { |
base::StringPiece spki_bytes; |