diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-09 16:50:59 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-09 16:50:59 +0000 |
| commit | bbfd05018b55b5bb2f97f2256b1f056bb7de48b4 (patch) | |
| tree | f0af306ce769f54aa42e5b1099b6c0d8c9ad4e68 /net | |
| parent | 18738e7b0d470cc93fc82204fa3fe4efadca8996 (diff) | |
| download | chromium_src-bbfd05018b55b5bb2f97f2256b1f056bb7de48b4.zip chromium_src-bbfd05018b55b5bb2f97f2256b1f056bb7de48b4.tar.gz chromium_src-bbfd05018b55b5bb2f97f2256b1f056bb7de48b4.tar.bz2 | |
net: switch to blocking DigiCert Sdn Bhd by public key.
Entrust have now revoked their intermediate certificate. This change reflects
that and removes the blocked serial numbers that are now covered by the block
of the public key.
BUG=102530
TEST=Check that https://www.fbcm.com.my is revoked.
Review URL: http://codereview.chromium.org/8504001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109259 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/x509_certificate.cc | 44 |
1 files changed, 6 insertions, 38 deletions
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index 324dcc6..10e7f0a 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -743,50 +743,13 @@ bool X509Certificate::IsBlacklisted() const { } } - static const unsigned kDigiCertSdnBhdSerialBytes = 3; - static const uint8 kDigiCertSdnBhdSerials[][kDigiCertSdnBhdSerialBytes] = { - {0x3e,0xe9,0x1d}, - {0x3f,0xb3,0xbb}, - {0x47,0x64,0x07}, - {0x41,0x38,0x55}, - {0x47,0x90,0x0b}, - {0x47,0x6b,0xfd}, - {0x47,0xd9,0x77}, - {0x47,0x9b,0xbb}, - {0x3e,0xda,0x1a}, - {0x48,0xd5,0x80}, - {0x47,0x9b,0xb4}, - {0x3e,0xda,0x1d}, - {0x48,0xe5,0x7a}, - {0x47,0x9b,0xb0}, - {0x49,0x15,0x9a}, - {0x48,0xaf,0x30}, - {0x3e,0xe6,0x3f}, - {0x40,0xf6,0x9b}, - {0x47,0x35,0xb8}, - {0x49,0x3b,0x0c}, - {0x47,0xd9,0x08}, - {0x49,0x3e,0x98}, - }; - - if (serial.size() == kDigiCertSdnBhdSerialBytes && - !issuer_.organization_names.empty() && - issuer_.organization_names[0] == "Digicert Sdn. Bhd.") { - for (unsigned i = 0; i < arraysize(kDigiCertSdnBhdSerials); i++) { - if (memcmp(kDigiCertSdnBhdSerials[i], serial.data(), - kDigiCertSdnBhdSerialBytes) == 0) { - return true; - } - } - } - return false; } // static bool X509Certificate::IsPublicKeyBlacklisted( const std::vector<SHA1Fingerprint>& public_key_hashes) { - static const unsigned kNumHashes = 6; + static const unsigned kNumHashes = 7; static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { // Subject: CN=DigiNotar Root CA // Issuer: CN=Entrust.net x2 and self-signed @@ -813,6 +776,11 @@ bool X509Certificate::IsPublicKeyBlacklisted( // Expires: Jul 17 15:16:54 2012 GMT {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96, 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52}, + // Subject: O=Digicert Sdn. Bhd. + // Issuer: CN=Entrust.net Certification Authority (2048) + // Expires: Jul 16 17:53:37 2015 GMT + {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a, + 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81}, }; for (unsigned i = 0; i < kNumHashes; i++) { |