Add new certificate error code

ERR_CERT_WEAK_SIGNATURE_ALGORITHM and certificate status flag CERT_STATUS_WEAK_SIGNATURE_ALGORITHM. Note that I didn't add new load flag LOAD_IGNORE_CERT_WEAK_SIGNATURE_ALGORITHM. Allow users to accept MD2 certificates as certificates signed using a weak signature algorithm. MD4 certificates are still treated as invalid certificates. R=jar,jcampan BUG=http://crbug.com/18725 TEST=none Review URL: http://codereview.chromium.org/165504 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23497 0039d316-1c4b-4281-b951-d872f2087c98
author: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-08-14 23:49:19 +0000
committer: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-08-14 23:49:19 +0000
commit: 0374b299997a8bd265a7f79cc06f79e7892a0ac7 (patch)
tree: e6df89d8a3dd741026b39442ffed95b30835b075 /chrome/browser/ssl
parent: b31844be04ffac8e67d5f302c3bad5b28e1dec79 (diff)
download: chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.zip
chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.tar.gz
chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.tar.bz2
3 files changed, 28 insertions, 8 deletions
diff --git a/chrome/browser/ssl/ssl_error_info.cc b/chrome/browser/ssl/ssl_error_info.cc
index d47529a..fd54bd4 100644
--- a/chrome/browser/ssl/ssl_error_info.cc
+++ b/chrome/browser/ssl/ssl_error_info.cc
@@ -153,6 +153,20 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type,
       short_description =
           l10n_util::GetString(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
       break;
+    case CERT_WEAK_SIGNATURE_ALGORITHM:
+      title =
+          l10n_util::GetString(IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_TITLE);
+      details = l10n_util::GetStringF(
+          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS,
+          UTF8ToWide(request_url.host()));
+      short_description = l10n_util::GetString(
+          IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
+      extra_info.push_back(
+          l10n_util::GetString(IDS_CERT_ERROR_EXTRA_INFO_1));
+      extra_info.push_back(
+          l10n_util::GetString(
+              IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_EXTRA_INFO_2));
+      break;
     case MIXED_CONTENTS:
       title = l10n_util::GetString(IDS_SSL_MIXED_CONTENT_TITLE);
       details = l10n_util::GetString(IDS_SSL_MIXED_CONTENT_DETAILS);
@@ -199,6 +213,8 @@ SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) {
       return CERT_REVOKED;
     case net::ERR_CERT_INVALID:
       return CERT_INVALID;
+    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
+      return CERT_WEAK_SIGNATURE_ALGORITHM;
     default:
       NOTREACHED();
       return UNKNOWN;
@@ -217,7 +233,8 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,
     net::CERT_STATUS_NO_REVOCATION_MECHANISM,
     net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
     net::CERT_STATUS_REVOKED,
-    net::CERT_STATUS_INVALID
+    net::CERT_STATUS_INVALID,
+    net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM
   };
 
   const ErrorType kErrorTypes[] = {
@@ -227,7 +244,8 @@ int SSLErrorInfo::GetErrorsForCertStatus(int cert_id,
     CERT_NO_REVOCATION_MECHANISM,
     CERT_UNABLE_TO_CHECK_REVOCATION,
     CERT_REVOKED,
-    CERT_INVALID
+    CERT_INVALID,
+    CERT_WEAK_SIGNATURE_ALGORITHM
   };
   DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));
 
diff --git a/chrome/browser/ssl/ssl_error_info.h b/chrome/browser/ssl/ssl_error_info.h
index d11fc0d..c3f9b63 100644
--- a/chrome/browser/ssl/ssl_error_info.h
+++ b/chrome/browser/ssl/ssl_error_info.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CHROME_BROWSER_SSL_ERROR_INFO_H__
-#define CHROME_BROWSER_SSL_ERROR_INFO_H__
+#ifndef CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_
+#define CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_
 
 #include <string>
 #include <vector>
@@ -27,6 +27,7 @@ class SSLErrorInfo {
     CERT_UNABLE_TO_CHECK_REVOCATION,
     CERT_REVOKED,
     CERT_INVALID,
+    CERT_WEAK_SIGNATURE_ALGORITHM,
     MIXED_CONTENTS,
     UNSAFE_CONTENTS,
     UNKNOWN
@@ -64,7 +65,7 @@ class SSLErrorInfo {
     return extra_information_;
   }
 
-private:
+ private:
   SSLErrorInfo(const std::wstring& title,
                const std::wstring& details,
                const std::wstring& short_description,
@@ -78,4 +79,4 @@ private:
   std::vector<std::wstring> extra_information_;
 };
 
-#endif  // CHROME_BROWSER_SSL_ERROR_INFO_H__
+#endif  // CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 4efad66..cbef647 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -84,10 +84,11 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
   // For now we handle the DENIED as the UNKNOWN, which means a blocking
   // page is shown to the user every time he comes back to the page.
 
-  switch(handler->cert_error()) {
+  switch (handler->cert_error()) {
     case net::ERR_CERT_COMMON_NAME_INVALID:
     case net::ERR_CERT_DATE_INVALID:
     case net::ERR_CERT_AUTHORITY_INVALID:
+    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
       OnOverridableCertError(handler);
       break;
     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
author	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-08-14 23:49:19 +0000
committer	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-08-14 23:49:19 +0000
commit	0374b299997a8bd265a7f79cc06f79e7892a0ac7 (patch)
tree	e6df89d8a3dd741026b39442ffed95b30835b075 /chrome/browser/ssl
parent	b31844be04ffac8e67d5f302c3bad5b28e1dec79 (diff)
download	chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.zip chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.tar.gz chromium_src-0374b299997a8bd265a7f79cc06f79e7892a0ac7.tar.bz2