diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-07 01:09:57 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-07 01:09:57 +0000 |
| commit | 60f1f37451c18b9b0e86264144300da8adb63f65 (patch) | |
| tree | 26347fe7cb19f36d2f43884b3ee298d2be7de6e5 /net | |
| parent | 70f673eac27a22c7a09abfbe1b05df4fb934defa (diff) | |
| download | chromium_src-60f1f37451c18b9b0e86264144300da8adb63f65.zip chromium_src-60f1f37451c18b9b0e86264144300da8adb63f65.tar.gz chromium_src-60f1f37451c18b9b0e86264144300da8adb63f65.tar.bz2 | |
Treat certificate signatures using weak signature algorithms
as invalid.
R=cevans,mal
BUG=http://crbug.com/18725
TEST=none
Review URL: http://codereview.chromium.org/164115
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22709 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/x509_certificate_win.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index ece65be..cd50668 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -471,6 +471,10 @@ int X509Certificate::Verify(const std::string& hostname, verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( chain_context->TrustStatus.dwErrorStatus); + // Treat certificate signatures using weak signature algorithms as invalid. + if (verify_result->has_md2 || verify_result->has_md4) + verify_result->cert_status |= CERT_STATUS_INVALID; + std::wstring wstr_hostname = ASCIIToWide(hostname); SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |