author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-28 16:50:32 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-28 16:50:32 +0000 |
commit | 4feca4bc5a385528932f93e74ef197626b0d82d5 (patch) | |
tree | 6960d83f09eaee590bb0632951e63f87264dbe5d /net/base | |
parent | 9ec7446c2fc481ca998ebda86466f996d6fc4f8d (diff) | |
net: use SSL_PeerCertificateChain for getting server certs
Now that we have SSL_PeerCertificateChain, we can remove uses of
CERT_GetCertChainFromCert. The latter would return a constructed
certificate chain rather than the actual chain returned from the
server. Thus we can also remove the Comodo cert workaround.
BUG=none
TEST=net_unittests
http://codereview.chromium.org/4185001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64262 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/x509_certificate.cc | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index ad49f18..7bbce5c 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -154,56 +154,6 @@ X509Certificate* X509Certificate::CreateFromHandle( } #if defined(OS_WIN) -// See IsProblematicComodoEVCACert, below. -// Issuer: -// CN = AddTrust External CA Root -// OU = AddTrust External TTP Network -// O = AddTrust AB -// C = SE -// -// This is the first 308 bytes of the certificate, which covers the serial -// number, issuer and subject. It stops just short of the public key. -static const uint8 kProblematicComodoEVCACert[] = { - 0x30, 0x82, 0x04, 0xd5, 0x30, 0x82, 0x03, 0xbd, 0xa0, 0x03, 0x02, 0x01, 0x02, - 0x02, 0x10, 0x79, 0x0a, 0x83, 0x4d, 0x48, 0x40, 0x6b, 0xab, 0x6c, 0x35, 0x2a, - 0xd5, 0x1f, 0x42, 0x83, 0xfe, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, - 0x73, 0x74, 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x1d, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, - 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x31, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x35, - 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5a, 0x30, 0x73, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, - 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, - 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, - 0x61, 0x6c, 0x66, 
0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41, - 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x19, 0x30, 0x17, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, - 0x45, 0x56, 0x20, 0x53, 0x47, 0x43, 0x20, 0x43, 0x41, -}; - -// A certificate for COMODO EV SGC CA, issued by AddTrust External CA Root, -// causes CertGetCertificateChain to report CERT_TRUST_IS_NOT_VALID_FOR_USAGE. -// It seems to be caused by the szOID_APPLICATION_CERT_POLICIES extension in -// that certificate. -// -// This function is used in the workaround for http://crbug.com/43538 -static bool IsProblematicComodoEVCACert(base::StringPiece der_cert) { - return der_cert.size() >= sizeof(kProblematicComodoEVCACert) && - memcmp(der_cert.data(), kProblematicComodoEVCACert, - sizeof(kProblematicComodoEVCACert)) == 0; -} -#endif - -#if defined(OS_WIN) static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) { X509Certificate::OSCertHandle cert_handle = NULL; BOOL ok = CertAddEncodedCertificateToStore( @@ -227,10 +177,6 @@ X509Certificate* X509Certificate::CreateFromDERCertChain( X509Certificate::OSCertHandles intermediate_ca_certs; for (size_t i = 1; i < der_certs.size(); i++) { -#if defined(OS_WIN) - if (IsProblematicComodoEVCACert(der_certs[i])) - continue; -#endif OSCertHandle handle = CreateOSCert(der_certs[i]); DCHECK(handle); intermediate_ca_certs.push_back(handle); |