summaryrefslogtreecommitdiffstats
path: root/net/base
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-28 16:50:32 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-10-28 16:50:32 +0000
commit4feca4bc5a385528932f93e74ef197626b0d82d5 (patch)
tree6960d83f09eaee590bb0632951e63f87264dbe5d /net/base
parent9ec7446c2fc481ca998ebda86466f996d6fc4f8d (diff)
downloadchromium_src-4feca4bc5a385528932f93e74ef197626b0d82d5.zip
chromium_src-4feca4bc5a385528932f93e74ef197626b0d82d5.tar.gz
chromium_src-4feca4bc5a385528932f93e74ef197626b0d82d5.tar.bz2
net: use SSL_PeerCertificateChain for getting server certs
Now that we have SSL_PeerCertificateChain, we can remove uses of CERT_GetCertChainFromCert. The latter would return a constructed certificate chain rather than the actual chain returned from the server. Thus we can also remove the Comodo cert workaround. BUG=none TEST=net_unittests http://codereview.chromium.org/4185001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64262 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/x509_certificate.cc54
1 files changed, 0 insertions, 54 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index ad49f18..7bbce5c 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -154,56 +154,6 @@ X509Certificate* X509Certificate::CreateFromHandle(
}
#if defined(OS_WIN)
-// See IsProblematicComodoEVCACert, below.
-// Issuer:
-// CN = AddTrust External CA Root
-// OU = AddTrust External TTP Network
-// O = AddTrust AB
-// C = SE
-//
-// This is the first 308 bytes of the certificate, which covers the serial
-// number, issuer and subject. It stops just short of the public key.
-static const uint8 kProblematicComodoEVCACert[] = {
- 0x30, 0x82, 0x04, 0xd5, 0x30, 0x82, 0x03, 0xbd, 0xa0, 0x03, 0x02, 0x01, 0x02,
- 0x02, 0x10, 0x79, 0x0a, 0x83, 0x4d, 0x48, 0x40, 0x6b, 0xab, 0x6c, 0x35, 0x2a,
- 0xd5, 0x1f, 0x42, 0x83, 0xfe, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12,
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75,
- 0x73, 0x74, 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04,
- 0x0b, 0x13, 0x1d, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45,
- 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e,
- 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55,
- 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20,
- 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52,
- 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x31, 0x30, 0x31,
- 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x35,
- 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5a, 0x30, 0x73, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b,
- 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61,
- 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65,
- 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53,
- 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55,
- 0x04, 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41,
- 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x19, 0x30, 0x17, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20,
- 0x45, 0x56, 0x20, 0x53, 0x47, 0x43, 0x20, 0x43, 0x41,
-};
-
-// A certificate for COMODO EV SGC CA, issued by AddTrust External CA Root,
-// causes CertGetCertificateChain to report CERT_TRUST_IS_NOT_VALID_FOR_USAGE.
-// It seems to be caused by the szOID_APPLICATION_CERT_POLICIES extension in
-// that certificate.
-//
-// This function is used in the workaround for http://crbug.com/43538
-static bool IsProblematicComodoEVCACert(base::StringPiece der_cert) {
- return der_cert.size() >= sizeof(kProblematicComodoEVCACert) &&
- memcmp(der_cert.data(), kProblematicComodoEVCACert,
- sizeof(kProblematicComodoEVCACert)) == 0;
-}
-#endif
-
-#if defined(OS_WIN)
static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) {
X509Certificate::OSCertHandle cert_handle = NULL;
BOOL ok = CertAddEncodedCertificateToStore(
@@ -227,10 +177,6 @@ X509Certificate* X509Certificate::CreateFromDERCertChain(
X509Certificate::OSCertHandles intermediate_ca_certs;
for (size_t i = 1; i < der_certs.size(); i++) {
-#if defined(OS_WIN)
- if (IsProblematicComodoEVCACert(der_certs[i]))
- continue;
-#endif
OSCertHandle handle = CreateOSCert(der_certs[i]);
DCHECK(handle);
intermediate_ca_certs.push_back(handle);