From bbfd05018b55b5bb2f97f2256b1f056bb7de48b4 Mon Sep 17 00:00:00 2001
From: "agl@chromium.org"
Date: Wed, 9 Nov 2011 16:50:59 +0000
Subject: net: switch to blocking DigiCert Sdn Bhd by public key.

Entrust have now revoked their intermediate certificate. This change reflects that and removes the blocked serial numbers that are now covered by the block of the public key.
BUG=102530
TEST=Check that https://www.fbcm.com.my is revoked.
Review URL: http://codereview.chromium.org/8504001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109259 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/x509_certificate.cc | 44 ++++++--------------------------------------
 1 file changed, 6 insertions(+), 38 deletions(-)
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index 324dcc6..10e7f0a 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -743,50 +743,13 @@ bool X509Certificate::IsBlacklisted() const {
 }
 }
 
- static const unsigned kDigiCertSdnBhdSerialBytes = 3;
- static const uint8 kDigiCertSdnBhdSerials[][kDigiCertSdnBhdSerialBytes] = {
- {0x3e,0xe9,0x1d},
- {0x3f,0xb3,0xbb},
- {0x47,0x64,0x07},
- {0x41,0x38,0x55},
- {0x47,0x90,0x0b},
- {0x47,0x6b,0xfd},
- {0x47,0xd9,0x77},
- {0x47,0x9b,0xbb},
- {0x3e,0xda,0x1a},
- {0x48,0xd5,0x80},
- {0x47,0x9b,0xb4},
- {0x3e,0xda,0x1d},
- {0x48,0xe5,0x7a},
- {0x47,0x9b,0xb0},
- {0x49,0x15,0x9a},
- {0x48,0xaf,0x30},
- {0x3e,0xe6,0x3f},
- {0x40,0xf6,0x9b},
- {0x47,0x35,0xb8},
- {0x49,0x3b,0x0c},
- {0x47,0xd9,0x08},
- {0x49,0x3e,0x98},
- };
-
- if (serial.size() == kDigiCertSdnBhdSerialBytes &&
- !issuer_.organization_names.empty() &&
- issuer_.organization_names[0] == "Digicert Sdn. Bhd.") {
- for (unsigned i = 0; i < arraysize(kDigiCertSdnBhdSerials); i++) {
- if (memcmp(kDigiCertSdnBhdSerials[i], serial.data(),
- kDigiCertSdnBhdSerialBytes) == 0) {
- return true;
- }
- }
- }
-
 return false;
 }
 
 // static
 bool X509Certificate::IsPublicKeyBlacklisted(
 const std::vector& public_key_hashes) {
- static const unsigned kNumHashes = 6;
+ static const unsigned kNumHashes = 7;
 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {
 // Subject: CN=DigiNotar Root CA
 // Issuer: CN=Entrust.net x2 and self-signed
@@ -813,6 +776,11 @@ bool X509Certificate::IsPublicKeyBlacklisted(
 // Expires: Jul 17 15:16:54 2012 GMT
 {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96,
 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
+ // Subject: O=Digicert Sdn. Bhd.
+ // Issuer: CN=Entrust.net Certification Authority (2048)
+ // Expires: Jul 16 17:53:37 2015 GMT
+ {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
+ 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
 };
 
 for (unsigned i = 0; i < kNumHashes; i++) {
--
cgit v1.1
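Review bot: `kNumHashes` in IsPublicKeyBlacklisted is a hand-maintained row count that this change has to bump from 6 to 7 in step with the new table entry. If the count is ever raised without a matching initializer, the extra row is zero-filled and silently takes part in the comparison, so a blocklist table is better sized from its contents. The file already has `arraysize` (the removed serial loop used it), so the table could be declared `static const uint8 kHashes[][base::kSHA1Length] = {` and the loop at the end of the next hunk written as `for (unsigned i = 0; i < arraysize(kHashes); i++) {`. The function body continues outside both hunks, so any other use of kNumHashes there would need the same change.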
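Review bot: The new Digicert Sdn. Bhd. row has no automated coverage: the diffstat lists only x509_certificate.cc, and the TEST= line relies on a live site whose certificate can be replaced or expire. Because IsPublicKeyBlacklisted is static, a unit test could pass a vector holding this 20-byte value and expect true, then pass an unrelated value and expect false, which would also catch a mistyped byte in the table. The row comment gives Subject, Issuer and Expires of one certificate but not what is hashed; a line such as `// SHA-1 of the public key; matches this key whatever the issuer or serial.` would explain why the 22 removed serials are still covered. The hashing itself happens outside this hunk, so that wording should be confirmed against the caller that fills public_key_hashes.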