diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-16 19:24:45 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-16 19:24:45 +0000 |
| commit | 43025b7aae5cc78c35317d46eb2192ac23943a2b (patch) | |
| tree | b9df83dbb092bf94843278435e72459ce69c4b7e /net/base | |
| parent | 1c636142456e6bdf09684a09a4bb843af4499833 (diff) | |
| download | chromium_src-43025b7aae5cc78c35317d46eb2192ac23943a2b.zip chromium_src-43025b7aae5cc78c35317d46eb2192ac23943a2b.tar.gz chromium_src-43025b7aae5cc78c35317d46eb2192ac23943a2b.tar.bz2 | |
Show "DNS" as the authority for DNSSEC validated certficiates.
At the moment, if we validate a certificate using DNSSEC the Page Info
dialog will show whatever Issuer the site chose as the issuing
authority. That's confusing because the site could choose a string
like 'US Dept of Homeland Security' (for example) which is misleading.
This patch forces the authority string to always be "DNSSEC" in the
case that we used DNSSEC to validate the certificate.
(The string "DNSSEC" isn't translated as it's an acronym.)
BUG=none
TEST=none
http://codereview.chromium.org/3304016/show
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59686 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/cert_status_flags.cc | 4 | ||||
| -rw-r--r-- | net/base/cert_status_flags.h | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/net/base/cert_status_flags.cc b/net/base/cert_status_flags.cc index 7e20cec..a6bdce4 100644 --- a/net/base/cert_status_flags.cc +++ b/net/base/cert_status_flags.cc @@ -33,6 +33,8 @@ int MapNetErrorToCertStatus(int error) { return CERT_STATUS_INVALID; case ERR_CERT_WEAK_SIGNATURE_ALGORITHM: return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; + case ERR_CERT_NOT_IN_DNS: + return CERT_STATUS_NOT_IN_DNS; default: return 0; } @@ -63,6 +65,8 @@ int MapCertStatusToNetError(int cert_status) { return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM) return ERR_CERT_NO_REVOCATION_MECHANISM; + if (cert_status & CERT_STATUS_NOT_IN_DNS) + return ERR_CERT_NOT_IN_DNS; NOTREACHED(); return ERR_UNEXPECTED; diff --git a/net/base/cert_status_flags.h b/net/base/cert_status_flags.h index 26e465c..8bf2565 100644 --- a/net/base/cert_status_flags.h +++ b/net/base/cert_status_flags.h @@ -21,10 +21,12 @@ enum { CERT_STATUS_REVOKED = 1 << 6, CERT_STATUS_INVALID = 1 << 7, CERT_STATUS_WEAK_SIGNATURE_ALGORITHM = 1 << 8, + CERT_STATUS_NOT_IN_DNS = 1 << 9, // Bits 16 to 30 are for non-error statuses. CERT_STATUS_IS_EV = 1 << 16, CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17, + CERT_STATUS_IS_DNSSEC = 1 << 18, // 1 << 31 (the sign bit) is reserved so that the cert status will never be // negative. |