
Side by Side Diff: net/base/cert_verify_proc.cc

Issue 10763006: net: block Cyberoam CA with leaked private key. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
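--- a/net/base/cert_verify_proc.cc
+++ b/net/base/cert_verify_proc.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc.h"
 
 #include "base/metrics/histogram.h"
 #include "base/sha1.h"
 #include "build/build_config.h"
 #include "net/base/cert_status_flags.h"
@@ -212,21 +212,21 @@
 }
 }
 }
 
 return false;
 }
 
 // static
 bool CertVerifyProc::IsPublicKeyBlacklisted(
 const std::vector<SHA1Fingerprint>& public_key_hashes) {
-static const unsigned kNumHashes = 8;
+static const unsigned kNumHashes = 9;
 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {
 // Subject: CN=DigiNotar Root CA
 // Issuer: CN=Entrust.net x2 and self-signed
 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
 // Subject: CN=DigiNotar Cyber CA
 // Issuer: CN=GTE CyberTrust Global Root
 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
 // Subject: CN=DigiNotar Services 1024 CA
@@ -249,24 +249,29 @@
 // Subject: O=Digicert Sdn. Bhd.
 // Issuer: CN=Entrust.net Certification Authority (2048)
 // Expires: Jul 16 17:53:37 2015 GMT
 {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
 // Issuer: CN=Trustwave Organization Issuing CA, Level 2
 // Covers two certificates, the latter of which expires Apr 15 21:09:30
 // 2021 GMT.
 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
+// Cyberoam CA certificate. Private key leaked, but this certificate would
+// only have been installed by Cyberoam customers. The certificate expires
+// in 2036, but we can probably remove in a couple of years (2014).
+{0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
+0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
 };
 
 for (unsigned i = 0; i < kNumHashes; i++) {
 for (std::vector<SHA1Fingerprint>::const_iterator
 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) {
 if (memcmp(j->data, kHashes[i], base::kSHA1Length) == 0)
 return true;
 }
 }
 
 return false;
 }
 
 } // namespace net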
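Review bot: The comment on the new Cyberoam row (new lines 259-261) does not follow the Subject/Issuer/Expires layout used by the other rows, so a later auditor cannot tell from the table which certificate this SHA-1 public-key hash was computed from. It also pencils in removal around 2014 although the certificate is valid until 2036; with the private key leaked, any client that still trusts this CA would presumably be exposed again once the row is dropped, so the comment should state a condition for removal, not a date. I would write it as `// Subject: <Cyberoam CA subject DN (placeholder)>`, `// Expires: 2036. Private key leaked; only installed by Cyberoam customers.` and `// TODO(<owner>): remove only once <tracking bug (placeholder)> shows the CA is no longer deployed.` IsPublicKeyBlacklisted starts and ends inside this section, but 16 lines of the table are collapsed and were not reviewed.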