net/base/cert_verify_proc_win.cc - Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when…

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/cert_verify_proc_win.cc

Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Review feedback Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/cert_verify_proc_win.cc

diff --git a/net/base/cert_verify_proc_win.cc b/net/base/cert_verify_proc_win.cc

index 045ea16840c27a02e50f76e0dccc2632bff035d9..a733d132642c433e805d146e884b467c298f7457 100644

--- a/net/base/cert_verify_proc_win.cc

+++ b/net/base/cert_verify_proc_win.cc

@@ -541,17 +541,6 @@ int CertVerifyProcWin::VerifyInternal(X509Certificate* cert,

chain_para.RequestedUsage.Usage.cUsageIdentifier = arraysize(usage);

chain_para.RequestedUsage.Usage.rgpszUsageIdentifier =

const_cast<LPSTR*>(usage);

- // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.

- DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT |

- CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;

- const bool rev_checking_enabled =

- flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED;

- if (rev_checking_enabled) {

- verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;

- } else {

- chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;

- }

// Get the certificatePolicies extension of the certificate.

scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info;

@@ -574,6 +563,20 @@ int CertVerifyProcWin::VerifyInternal(X509Certificate* cert,

}

+ // We can set CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS to get more chains.

+ DWORD chain_flags = CERT_CHAIN_CACHE_END_CERT |

+ CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;

+ const bool rev_checking_enabled =

+ (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED) ||

+ (ev_policy_oid != NULL &&

+ (flags & X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY));

+ if (rev_checking_enabled) {

+ verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;

+ } else {

+ chain_flags |= CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY;

+ }

// For non-test scenarios, use the default HCERTCHAINENGINE, NULL, which

// corresponds to HCCE_CURRENT_USER and is is initialized as needed by

// crypt32. However, when testing, it is necessary to create a new

« no previous file with comments | « net/base/cert_verify_proc_nss.cc ('k') | net/base/ev_root_ca_metadata.h » ('j') | net/base/x509_certificate.h » ('J')