Treat an invalid key usage as an invalid certificate when using OpenSSL

BUG=none TEST=none Review URL: http://codereview.chromium.org/8387012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107043 0039d316-1c4b-4281-b951-d872f2087c98

Treat an invalid key usage as an invalid certificate when using OpenSSL
BUG=none TEST=none Review URL: http://codereview.chromium.org/8387012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107043 0039d316-1c4b-4281-b951-d872f2087c98
121202ab · rsleevi@chromium.org · da7d86e7 · 121202ab
Commit 121202ab authored Oct 25, 2011 by rsleevi@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

net/base/x509_certificate_openssl.cc net/base/x509_certificate_openssl.cc +1 -2

No files found.
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -164,8 +164,6 @@ CertStatus MapCertErrorToCertStatus(int err) {
 #endif
    case X509_V_ERR_CERT_REVOKED:
      return CERT_STATUS_REVOKED;
-    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-      return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
    // All these status are mapped to CERT_STATUS_INVALID.
    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
@@ -182,6 +180,7 @@ CertStatus MapCertErrorToCertStatus(int err) {
    case X509_V_ERR_AKID_SKID_MISMATCH:
    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: