author | flackr@chromium.org <flackr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-01-11 17:24:14 +0000 |
---|---|---|
committer | flackr@chromium.org <flackr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-01-11 17:24:14 +0000 |
commit | dd675d84312842ebe51ebcccd693b83c0a02cab9 (patch) | |
tree | 17466c5a350b98a4df197f130134943d7e4c43c3 /net | |
parent | 7da70ea6f8eaaaee7736d89dc6902b0743ef119a (diff) | |
Revert 117225 - Implement CRLSet checking on Windows.
BUG=none
TEST=net_unittests
Review URL: http://codereview.chromium.org/9153014
TBR=agl@chromium.org
Review URL: http://codereview.chromium.org/9186009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117236 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/x509_certificate_unittest.cc | 4 | ||||
-rw-r--r-- | net/base/x509_certificate_win.cc | 66 |
2 files changed, 3 insertions, 67 deletions
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index a32c37c..2badf8b 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -1384,7 +1384,7 @@ TEST(X509CertificateTest, GetDEREncoded) {
 }
 #endif
-#if defined(USE_NSS) || defined(OS_WIN)
+#if defined(USE_NSS)
 static const uint8 kCRLSetThawteSPKIBlocked[] = {
 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc
index 19ac3e2..3fd48e1 100644
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -17,11 +17,9 @@
 #include "base/utf_string_conversions.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_capi_types.h"
-#include "crypto/sha2.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
-#include "net/base/crl_set.h"
 #include "net/base/ev_root_ca_metadata.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_root_certs.h"
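Review bot: The narrowed guard `#if defined(USE_NSS)` in x509_certificate_unittest.cc (hunk at line 1384) takes the CRLSet blocking test data out of the Windows build without recording why or when it should return. I would put a comment above it, for example `// TODO: restore "|| defined(OS_WIN)" when CRLSet checking on Windows (r117225, reverted in r117236) relands.`, so the gap in revocation test coverage stays visible. The VerifyInternal hunk in x509_certificate_win.cc removes the only use of `crl_set` shown on this page, so a caller that passes a CRL set on Windows presumably gets no CRLSet-based CERT_STATUS_REVOKED and no indication that the check was skipped; a one-line comment at that spot saying so would help. The guarded block in the unit test continues outside the hunk, so which tests it covers cannot be confirmed from here.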
@@ -458,65 +456,6 @@ X509Certificate::OSCertHandles ParsePKCS7(const char* data, size_t length) {
 return results;
 }
-bool CheckRevocationWithCRLSet(PCCERT_CHAIN_CONTEXT chain,
- CRLSet* crl_set) {
- if (chain->cChain == 0)
- return true;
-
- const PCERT_SIMPLE_CHAIN first_chain = chain->rgpChain[0];
- const PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
-
- const int num_elements = first_chain->cElement;
- if (num_elements == 0)
- return true;
-
- // We iterate from the root certificate down to the leaf, keeping track of
- // the issuer's SPKI at each step.
- std::string issuer_spki_hash;
- for (int i = num_elements - 1; i >= 0; i--) {
- PCCERT_CONTEXT cert = element[i]->pCertContext;
-
- base::StringPiece der_bytes(
- reinterpret_cast<const char*>(cert->pbCertEncoded),
- cert->cbCertEncoded);
- base::StringPiece spki;
- if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) {
- NOTREACHED();
- continue;
- }
-
- const std::string spki_hash = crypto::SHA256HashString(spki);
-
- const CRYPT_INTEGER_BLOB* serial_blob = &cert->pCertInfo->SerialNumber;
- scoped_array<uint8> serial_bytes(new uint8[serial_blob->cbData]);
- // The bytes of the serial number are stored little-endian.
- for (unsigned j = 0; j < serial_blob->cbData; j++)
- serial_bytes[j] = serial_blob->pbData[serial_blob->cbData - j - 1];
- base::StringPiece serial(reinterpret_cast<const char*>(serial_bytes.get()),
- serial_blob->cbData);
-
- CRLSet::Result result = crl_set->CheckSPKI(spki_hash);
-
- if (result != CRLSet::REVOKED && !issuer_spki_hash.empty())
- result = crl_set->CheckSerial(serial, issuer_spki_hash);
-
- issuer_spki_hash = spki_hash;
-
- switch (result) {
- case CRLSet::REVOKED:
- return false;
- case CRLSet::UNKNOWN:
- case CRLSet::GOOD:
- continue;
- default:
- NOTREACHED();
- continue;
- }
- }
-
- return true;
-}
-
 void AppendPublicKeyHashes(PCCERT_CHAIN_CONTEXT chain,
 std::vector<SHA1Fingerprint>* hashes) {
 if (chain->cChain == 0)
@@ -961,9 +900,6 @@ int X509Certificate::VerifyInternal(const std::string& hostname,
 if (CertSubjectCommonNameHasNull(cert_handle_))
 verify_result->cert_status |= CERT_STATUS_INVALID;
- if (crl_set && !CheckRevocationWithCRLSet(chain_context, crl_set))
- verify_result->cert_status |= CERT_STATUS_REVOKED;
-
 std::wstring wstr_hostname = ASCIIToWide(hostname);
 SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para; |