
Side by Side Diff: net/cert/cert_verify_proc.cc

Issue 616773004: net: block retired Fraunhofer intermediate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
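--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include "base/basictypes.h"
 #include "base/metrics/histogram.h"
 #include "base/sha1.h"
 #include "base/strings/stringprintf.h"
@@ -409,48 +409,51 @@
 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
 // Cyberoam CA certificate. Private key leaked, but this certificate would
 // only have been installed by Cyberoam customers. The certificate expires
 // in 2036, but we can probably remove in a couple of years (2014).
 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
 // Win32/Sirefef.gen!C generates fake certificates with this public key.
 {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
-// ANSSI certificate under which a MITM proxy was mistakenly operated.
-// Expires: Jul 18 10:05:28 2014 GMT
-{0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb,
-0x53, 0x9b, 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf},
 // Three retired intermediate certificates from Symantec. No compromise;
 // just for robustness. All expire May 17 23:59:59 2018.
 // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
 {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8,
 0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
 {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31,
 0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
 {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf,
 0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
 // C=IN, O=National Informatics Centre, OU=NICCA, CN=NIC Certifying
 // Authority. Issued by C=IN, O=India PKI, CN=CCA India 2007.
 // Expires July 4th, 2015.
 {0xf5, 0x71, 0x79, 0xfa, 0xea, 0x10, 0xc5, 0x43, 0x8c, 0xb0,
 0xc6, 0xe1, 0xcc, 0x27, 0x7b, 0x6e, 0x0d, 0xb2, 0xff, 0x54},
 // C=IN, O=National Informatics Centre, CN=NIC CA 2011. Issued by
 // C=IN, O=India PKI, CN=CCA India 2011.
 // Expires March 11th 2016.
 {0x07, 0x7a, 0xc7, 0xde, 0x8d, 0xa5, 0x58, 0x64, 0x3a, 0x06,
 0xc5, 0x36, 0x9e, 0x55, 0x4f, 0xae, 0xb3, 0xdf, 0xa1, 0x66},
 // C=IN, O=National Informatics Centre, CN=NIC CA 2014. Issued by
 // C=IN, O=India PKI, CN=CCA India 2014.
 // Expires: March 5th, 2024.
 {0xe5, 0x8e, 0x31, 0x5b, 0xaa, 0xee, 0xaa, 0xc6, 0xe7, 0x2e,
 0xc9, 0x57, 0x36, 0x70, 0xca, 0x2f, 0x25, 0x4e, 0xc3, 0x47},
+// C=DE, O=Fraunhofer, OU=Fraunhofer Corporate PKI,
+// CN=Fraunhofer Service CA 2007.
+// Expires: Jun 30 2019.
+// No compromise, just for robustness. See
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1076940
+{0x38, 0x4d, 0x0c, 0x1d, 0xc4, 0x77, 0xa7, 0xb3, 0xf8, 0x67,
+0x86, 0xd0, 0x18, 0x51, 0x9f, 0x58, 0x9f, 0x1e, 0x9e, 0x25},
 };
 
 for (unsigned i = 0; i < kNumHashes; i++) {
 for (HashValueVector::const_iterator j = public_key_hashes.begin();
 j != public_key_hashes.end(); ++j) {
 if (j->tag == HASH_VALUE_SHA1 &&
 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) {
 return true;
 }
 }
@@ -605,10 +608,10 @@
 return true;
 }
 }
 }
 }
 
 return false;
 }
 
 } // namespace net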
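Review bot: The ANSSI entry (old lines 419–422) is dropped in the same change that adds the Fraunhofer hash, and neither the issue title nor anything else visible on this page records why. The table is compared against the chain's public-key hashes, so that entry rejected any certificate carrying the key, not only the one that expired on Jul 18 2014; once it is gone, rejection of that key rests on expiry handling alone. If the removal is intended, I would leave a short tombstone in the table, for example `// ANSSI MITM intermediate (expired Jul 18 2014) removed; now rejected by expiry only.`, or keep the entry until the key is known to be retired. The enclosing function begins in the skipped lines above this hunk, so how callers treat expired chains cannot be confirmed from here.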