Index: net/base/x509_certificate_win.cc |
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc |
index c04ff4d0284e1d6c05ab488dfc0d8da0a7404d3a..c672dfc6f0ef0fb631b6aa30da7c8f4308c343e0 100644 |
--- a/net/base/x509_certificate_win.cc |
+++ b/net/base/x509_certificate_win.cc |
@@ -866,6 +866,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
chain_flags, |
NULL, // reserved |
&chain_context)) { |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
return MapSecurityError(GetLastError()); |
} |
@@ -884,6 +885,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
chain_flags, |
NULL, // reserved |
&chain_context)) { |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
return MapSecurityError(GetLastError()); |
} |
} |
@@ -894,14 +896,6 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |
chain_context->TrustStatus.dwErrorStatus); |
- // Treat certificates signed using broken signature algorithms as invalid. |
- if (verify_result->has_md4) |
- verify_result->cert_status |= CERT_STATUS_INVALID; |
- |
- // Flag certificates signed using weak signature algorithms. |
- if (verify_result->has_md2) |
- verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
- |
// Flag certificates that have a Subject common name with a NULL character. |
if (CertSubjectCommonNameHasNull(cert_handle_)) |
verify_result->cert_status |= CERT_STATUS_INVALID; |