net/base/x509_certificate.cc - Issue 1128008: Mac: Make client-cert picker only show certs the server will accept.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate.cc

Issue 1128008: Mac: Make client-cert picker only show certs the server will accept. (Closed)

Patch Set: Added a test case of parsing T61STRING. Created 10 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate.cc

diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc

index adf73b9ce15970f6e38d094e5ace6996864b54bb..367afda2321eadac59abfcf8e204dcb8174904d4 100644

--- a/net/base/x509_certificate.cc

+++ b/net/base/x509_certificate.cc

@@ -4,7 +4,9 @@

#include "net/base/x509_certificate.h"

-#if defined(USE_NSS)

+#if defined(OS_MACOSX)

+#include <Security/Security.h>

+#elif defined(USE_NSS)

#include <cert.h>

#endif

@@ -56,8 +58,8 @@ bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,

}

bool X509Certificate::FingerprintLessThan::operator()(

- const Fingerprint& lhs,

- const Fingerprint& rhs) const {

+ const SHA1Fingerprint& lhs,

+ const SHA1Fingerprint& rhs) const {

for (size_t i = 0; i < sizeof(lhs.data); ++i) {

if (lhs.data[i] < rhs.data[i])

return true;

@@ -121,47 +123,6 @@ X509Certificate* X509Certificate::Cache::Find(const Fingerprint& fingerprint) {

return pos->second;

};

-X509Certificate::Policy::Judgment X509Certificate::Policy::Check(

- X509Certificate* cert) const {

- // It shouldn't matter which set we check first, but we check denied first

- // in case something strange has happened.

- if (denied_.find(cert->fingerprint()) != denied_.end()) {

- // DCHECK that the order didn't matter.

- DCHECK(allowed_.find(cert->fingerprint()) == allowed_.end());

- return DENIED;

- }

- if (allowed_.find(cert->fingerprint()) != allowed_.end()) {

- // DCHECK that the order didn't matter.

- DCHECK(denied_.find(cert->fingerprint()) == denied_.end());

- return ALLOWED;

- }

- // We don't have a policy for this cert.

- return UNKNOWN;

-void X509Certificate::Policy::Allow(X509Certificate* cert) {

- // Put the cert in the allowed set and (maybe) remove it from the denied set.

- denied_.erase(cert->fingerprint());

- allowed_.insert(cert->fingerprint());

-void X509Certificate::Policy::Deny(X509Certificate* cert) {

- // Put the cert in the denied set and (maybe) remove it from the allowed set.

- allowed_.erase(cert->fingerprint());

- denied_.insert(cert->fingerprint());

-bool X509Certificate::Policy::HasAllowedCert() const {

- return !allowed_.empty();

-bool X509Certificate::Policy::HasDeniedCert() const {

- return !denied_.empty();

// static

X509Certificate* X509Certificate::CreateFromHandle(

OSCertHandle cert_handle,

« net/base/x509_cert_types_unittest.cc ('K') | « net/base/x509_certificate.h ('k') | net/base/x509_certificate_mac.cc » ('j') | net/base/x509_certificate_mac.cc » ('J')