net: block retired Fraunhofer intermediate.

net/cert/cert_verify_proc.cc

Index: net/cert/cert_verify_proc.cc
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
index f30033b71d262085a66bdebb43fadae8f9e2ace0..222ba47f51c98fcab412a52334146ee064d77696 100644
--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -416,10 +416,6 @@ bool CertVerifyProc::IsPublicKeyBlacklisted(
     // Win32/Sirefef.gen!C generates fake certificates with this public key.
     {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
      0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
-    // ANSSI certificate under which a MITM proxy was mistakenly operated.
-    // Expires: Jul 18 10:05:28 2014 GMT
-    {0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb,
-     0x53, 0x9b, 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf},
     // Three retired intermediate certificates from Symantec. No compromise;
     // just for robustness. All expire May 17 23:59:59 2018.
     // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
@@ -444,6 +440,13 @@ bool CertVerifyProc::IsPublicKeyBlacklisted(
     // Expires: March 5th, 2024.
     {0xe5, 0x8e, 0x31, 0x5b, 0xaa, 0xee, 0xaa, 0xc6, 0xe7, 0x2e,
      0xc9, 0x57, 0x36, 0x70, 0xca, 0x2f, 0x25, 0x4e, 0xc3, 0x47},
+    // C=DE, O=Fraunhofer, OU=Fraunhofer Corporate PKI,
+    // CN=Fraunhofer Service CA 2007.
+    // Expires: Jun 30 2019.
+    // No compromise, just for robustness. See
+    // https://bugzilla.mozilla.org/show_bug.cgi?id=1076940
+    {0x38, 0x4d, 0x0c, 0x1d, 0xc4, 0x77, 0xa7, 0xb3, 0xf8, 0x67,
+     0x86, 0xd0, 0x18, 0x51, 0x9f, 0x58, 0x9f, 0x1e, 0x9e, 0x25},
   };
 
   for (unsigned i = 0; i < kNumHashes; i++) {