diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-23 19:36:23 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-23 19:36:23 +0000 |
| commit | b3ceaad6dc228c357a746e710787c4c21a709668 (patch) | |
| tree | 0179e26f73d1d420550f4d8bbf59d57f33856a9a /net | |
| parent | b243311969015f0ede7f5cd75e541abf4f3be4f3 (diff) | |
| download | chromium_src-b3ceaad6dc228c357a746e710787c4c21a709668.zip chromium_src-b3ceaad6dc228c357a746e710787c4c21a709668.tar.gz chromium_src-b3ceaad6dc228c357a746e710787c4c21a709668.tar.bz2 | |
SEC_ERROR_UNTRUSTED_CERT means the user has marked the (leaf) certificate
as not trusted. We should not allow the user to accept the certificate.
A simple way to accomplish that is to treat the certificate as revoked.
R=agl,rsleevi
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6675030
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79165 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/x509_certificate_nss.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index 31199d9..efa9d9d 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -103,9 +103,9 @@ int MapSecurityError(int err) { case SEC_ERROR_UNKNOWN_ISSUER: case SEC_ERROR_UNTRUSTED_ISSUER: case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_UNTRUSTED_CERT: return ERR_CERT_AUTHORITY_INVALID; case SEC_ERROR_REVOKED_CERTIFICATE: + case SEC_ERROR_UNTRUSTED_CERT: // Treat as revoked. return ERR_CERT_REVOKED; case SEC_ERROR_BAD_DER: case SEC_ERROR_BAD_SIGNATURE: @@ -135,7 +135,6 @@ int MapCertErrorToCertStatus(int err) { case SEC_ERROR_EXPIRED_CERTIFICATE: case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return CERT_STATUS_DATE_INVALID; - case SEC_ERROR_UNTRUSTED_CERT: case SEC_ERROR_UNKNOWN_ISSUER: case SEC_ERROR_UNTRUSTED_ISSUER: case SEC_ERROR_CA_CERT_INVALID: @@ -145,6 +144,7 @@ int MapCertErrorToCertStatus(int err) { case SEC_ERROR_OCSP_SERVER_ERROR: return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; case SEC_ERROR_REVOKED_CERTIFICATE: + case SEC_ERROR_UNTRUSTED_CERT: // Treat as revoked. return CERT_STATUS_REVOKED; case SEC_ERROR_BAD_DER: case SEC_ERROR_BAD_SIGNATURE: |