de70f5cff2a6e16cda89b15fadd75cba11694fc3 - chromium/src

commit	de70f5cff2a6e16cda89b15fadd75cba11694fc3	[log] [tgz]
author	rsleevi <rsleevi@chromium.org>	Tue Jun 21 06:00:23 2016
committer	Commit bot <commit-bot@chromium.org>	Tue Jun 21 06:02:11 2016
tree	e025a067cffd8c967613cade4bd73992991503fc
parent	1b32ab54ae3451e24152fc1e433b7e1cb44ac56e [diff]

Remove the fingerprint and ca_fingerprint from X509Certificate X509Certificate provided a function to get the SHA-1 hash of the certificate data and the SHA-1 hash of the intermediates. This was largely for sorting optimizations, but was never intended to be a substitute for true equality checks (namely, IsSameOSCert()). However, because X509Certificate::LessThan used these, the comparison of two X509Certificates was less secure than desired. This removes the fingerprint members and the ability to publicly compute the SHA-1 hash of the certificate/intermediates. Callers can instead compute the SHA-256 fingerprint using X509Certificate::Calculate[CA]Fingerprint256 to obtain the equivalent SHA256HashValue fingerprint. This also optimizes CalculateCAFingerprint256 to avoid additional copies, by moving it to the platform-native implementation. BUG=613460 Review-Url: https://codereview.chromium.org/2000503002 Cr-Commit-Position: refs/heads/master@{#400904}