Fix the "certificate is not yet valid" error for server certificates

issued by a VeriSign intermediate CA. Change the CertVerifier cache to identify a certificate chain by the hash of the entire chain rather than just the server certificate. This requires adding X509Certificate::chain_fingerprint(), and the X509Certificate::CalculateChainFingerprint() method to compute the chain fingerprint. R=agl@chromium.org,rsleevi@chromium.org BUG=101555 TEST=X509CertificateTest.ChainFingerprints and CertVerifierTest.DifferentCACerts in net_unittests Review URL: http://codereview.chromium.org/8400075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107888 0039d316-1c4b-4281-b951-d872f2087c98
author: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-10-29 23:45:39 +0000
committer: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-10-29 23:45:39 +0000
commit: de614d301995efdb349e998cea13c316ae3add7d (patch)
tree: b9b3fff405b79a94031214f0561ca3c0933120b1 /net/base/x509_certificate.cc
parent: b49cc1f6b42aec81e0b0e83f78dd92576853fa1a (diff)
download: chromium_src-de614d301995efdb349e998cea13c316ae3add7d.zip
chromium_src-de614d301995efdb349e998cea13c316ae3add7d.tar.gz
chromium_src-de614d301995efdb349e998cea13c316ae3add7d.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index 5004bf4..d36bfad 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -232,7 +232,7 @@ bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
     return false;
 
   SHA1FingerprintLessThan fingerprint_functor;
-  return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_);
+  return fingerprint_functor(lhs->chain_fingerprint_, rhs->chain_fingerprint_);
 }
 
 X509Certificate::X509Certificate(const std::string& subject,
@@ -245,6 +245,7 @@ X509Certificate::X509Certificate(const std::string& subject,
       valid_expiry_(expiration_date),
       cert_handle_(NULL) {
   memset(fingerprint_.data, 0, sizeof(fingerprint_.data));
+  memset(chain_fingerprint_.data, 0, sizeof(chain_fingerprint_.data));
 }
 
 // static
author	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-10-29 23:45:39 +0000
committer	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-10-29 23:45:39 +0000
commit	de614d301995efdb349e998cea13c316ae3add7d (patch)
tree	b9b3fff405b79a94031214f0561ca3c0933120b1 /net/base/x509_certificate.cc
parent	b49cc1f6b42aec81e0b0e83f78dd92576853fa1a (diff)
download	chromium_src-de614d301995efdb349e998cea13c316ae3add7d.zip chromium_src-de614d301995efdb349e998cea13c316ae3add7d.tar.gz chromium_src-de614d301995efdb349e998cea13c316ae3add7d.tar.bz2