author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-04 02:02:09 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-04 02:02:09 +0000 |
commit | 2944441f847cf583b747cc36f5df45af5f882d0d (patch) | |
tree | 8242be5dfabe361cab8c55cf25d95777b76a1d25 /net/cert | |
parent | 1e6e2ead4789746946989381f556c77374fedbbe (diff) | |
On OSX 10.9, treat MD2/MD5 intermediate/leafs as "weak", rather than invalid
OS X 10.9 disallows MD5 to be used for signing certs (see
http://support.apple.com/kb/HT6011 ). Rather than mapping the CSSM error to
the invalid cert error code (which prevents any user bypass), map the error
to the weak cert error code, which lets the user recover, but after an
interstitial.
BUG=325885
R=wtc
Review URL: https://codereview.chromium.org/121583002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@242986 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/cert')
-rw-r--r-- | net/cert/cert_verify_proc_mac.cc | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
index 542fba1..2e14109 100644
--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -578,7 +578,7 @@ int CertVerifyProcMac::VerifyInternal(
 // the CSSMERR_TP_VERIFY_ACTION_FAILED to CERT_STATUS_INVALID if the only
 // error was due to an unsupported key size.
 bool policy_failed = false;
- bool weak_key = false;
+ bool weak_key_or_signature_algorithm = false;
 // Evaluate the results
 OSStatus cssm_result;
@@ -622,14 +622,31 @@ int CertVerifyProcMac::VerifyInternal(
 for (uint32 status_code_index = 0;
 status_code_index < chain_info[index].NumStatusCodes;
 ++status_code_index) {
- CertStatus mapped_status = CertStatusFromOSStatus(
- chain_info[index].StatusCodes[status_code_index]);
- if (mapped_status == CERT_STATUS_WEAK_KEY)
- weak_key = true;
+ // As of OS X 10.9, attempting to verify a certificate chain that
+ // contains a weak signature algorithm (MD2, MD5) in an intermediate
+ // or leaf cert will be treated as a (recoverable) policy validation
+ // failure, with the status code CSSMERR_TP_INVALID_CERTIFICATE
+ // added to the Status Codes. Don't treat this code as an invalid
+ // certificate; instead, map it to a weak key. Any truly invalid
+ // certificates will have the major error (cssm_result) set to
+ // CSSMERR_TP_INVALID_CERTIFICATE, rather than
+ // CSSMERR_TP_VERIFY_ACTION_FAILED.
+ CertStatus mapped_status = 0;
+ if (policy_failed &&
+ chain_info[index].StatusCodes[status_code_index] ==
+ CSSMERR_TP_INVALID_CERTIFICATE) {
+ mapped_status = CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
+ weak_key_or_signature_algorithm = true;
+ } else {
+ mapped_status = CertStatusFromOSStatus(
+ chain_info[index].StatusCodes[status_code_index]);
+ if (mapped_status == CERT_STATUS_WEAK_KEY)
+ weak_key_or_signature_algorithm = true;
+ }
 verify_result->cert_status |= mapped_status;
 }
 }
- if (policy_failed && !weak_key) {
+ if (policy_failed && !weak_key_or_signature_algorithm) {
 // If CSSMERR_TP_VERIFY_ACTION_FAILED wasn't returned due to a weak
 // key, map it back to an appropriate error code.
 verify_result->cert_status |= CertStatusFromOSStatus(cssm_result); |
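Review bot: In the new `if (policy_failed && ... == CSSMERR_TP_INVALID_CERTIFICATE)` branch, a hard failure is downgraded to the user-bypassable `CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` on the status code alone; nothing visible here checks that the certificate at `index` is actually signed with MD2/MD5, or that the OS is 10.9 or later as the comment assumes. If the platform ever reports that status code under `CSSMERR_TP_VERIFY_ACTION_FAILED` for some other reason, the user would get a click-through interstitial for a certificate that should stay rejected, so I would gate the mapping on the certificate's signature algorithm and fall through to `CertStatusFromOSStatus(...)` otherwise. The added comment also says "map it to a weak key" while the code sets the weak-signature status, and the trailing context comment is now stale; suggest `// If CSSMERR_TP_VERIFY_ACTION_FAILED wasn't returned due to a weak key or weak signature algorithm, map it back to an appropriate error code.` VerifyInternal starts and ends outside the hunk.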