OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
(...skipping 244 matching lines...)
255 // Flag certificates using weak signature algorithms. | 255 // Flag certificates using weak signature algorithms. |
256 if (verify_result->has_md5) { | 256 if (verify_result->has_md5) { |
257 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; | 257 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
258 // Avoid replacing a more serious error, such as an OS/library failure, | 258 // Avoid replacing a more serious error, such as an OS/library failure, |
259 // by ensuring that if verification failed, it failed with a certificate | 259 // by ensuring that if verification failed, it failed with a certificate |
260 // error. | 260 // error. |
261 if (rv == OK || IsCertificateError(rv)) | 261 if (rv == OK || IsCertificateError(rv)) |
262 rv = MapCertStatusToNetError(verify_result->cert_status); | 262 rv = MapCertStatusToNetError(verify_result->cert_status); |
263 } | 263 } |
264 | 264 |
| 265 if (verify_result->has_sha1) |
| 266 verify_result->cert_status |= CERT_STATUS_SHA1_SIGNATURE_PRESENT; |
| 267 |
265 // Flag certificates from publicly-trusted CAs that are issued to intranet | 268 // Flag certificates from publicly-trusted CAs that are issued to intranet |
266 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit | 269 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit |
267 // these to be issued until 1 November 2015, they represent a real risk for | 270 // these to be issued until 1 November 2015, they represent a real risk for |
268 // the deployment of gTLDs and are being phased out ahead of the hard | 271 // the deployment of gTLDs and are being phased out ahead of the hard |
269 // deadline. | 272 // deadline. |
270 if (verify_result->is_issued_by_known_root && IsHostnameNonUnique(hostname)) { | 273 if (verify_result->is_issued_by_known_root && IsHostnameNonUnique(hostname)) { |
271 verify_result->cert_status |= CERT_STATUS_NON_UNIQUE_NAME; | 274 verify_result->cert_status |= CERT_STATUS_NON_UNIQUE_NAME; |
272 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For | 275 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For |
273 // now treat it as a warning and do not map it to an error return value. | 276 // now treat it as a warning and do not map it to an error return value. |
274 } | 277 } |
(...skipping 327 matching lines...)
602 return true; | 605 return true; |
603 } | 606 } |
604 } | 607 } |
605 } | 608 } |
606 } | 609 } |
607 | 610 |
608 return false; | 611 return false; |
609 } | 612 } |
610 | 613 |
611 } // namespace net | 614 } // namespace net |
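Review bot: The new `has_sha1` check at new lines 265-266 sets `CERT_STATUS_SHA1_SIGNATURE_PRESENT` with no comment, while the MD5 block above and the non-unique-name block below both say whether their status bit is meant to affect `rv`. I would add `// Flag chains containing SHA-1 signatures. Informational only for now: unlike the MD5 case, this is not mapped to an error return value.` above the check so the missing `rv` update reads as deliberate. The definition of the new status bit is not on this page, so please confirm it lies outside the bits `MapCertStatusToNetError` treats as errors; otherwise any later code that maps `cert_status` could turn this warning into a hard failure. It is also not visible here whether `has_sha1` counts the root's self-signature, which would make the flag fire on chains where SHA-1 carries no security weight. The enclosing function starts and ends outside the lines shown.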