| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_client_socket_win.h" | 5 #include "net/base/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/lock.h" | 9 #include "base/lock.h" |
| 10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
| (...skipping 1015 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1026 void SSLClientSocketWin::LogConnectionTypeMetrics( | 1026 void SSLClientSocketWin::LogConnectionTypeMetrics( |
| 1027 PCCERT_CHAIN_CONTEXT chain_context) { | 1027 PCCERT_CHAIN_CONTEXT chain_context) { |
| 1028 UpdateConnectionTypeHistograms(CONNECTION_SSL); | 1028 UpdateConnectionTypeHistograms(CONNECTION_SSL); |
| 1029 | 1029 |
| 1030 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; | 1030 PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; |
| 1031 int num_elements = first_chain->cElement; | 1031 int num_elements = first_chain->cElement; |
| 1032 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; | 1032 PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; |
| 1033 bool has_md5 = false; | 1033 bool has_md5 = false; |
| 1034 bool has_md2 = false; | 1034 bool has_md2 = false; |
| 1035 bool has_md4 = false; | 1035 bool has_md4 = false; |
| 1036 bool has_md5_ca = false; |
| 1036 | 1037 |
| 1037 // Each chain starts with the end entity certificate and ends with the root | 1038 // Each chain starts with the end entity certificate (i = 0) and ends with |
| 1038 // CA certificate. Do not inspect the signature algorithm of the root CA | 1039 // the root CA certificate (i = num_elements - 1). Do not inspect the |
| 1039 // certificate because the signature on the trust anchor is not important. | 1040 // signature algorithm of the root CA certificate because the signature on |
| 1041 // the trust anchor is not important. |
| 1040 for (int i = 0; i < num_elements - 1; ++i) { | 1042 for (int i = 0; i < num_elements - 1; ++i) { |
| 1041 PCCERT_CONTEXT cert = element[i]->pCertContext; | 1043 PCCERT_CONTEXT cert = element[i]->pCertContext; |
| 1042 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; | 1044 const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; |
| 1043 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { | 1045 if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { |
| 1044 // md5WithRSAEncryption: 1.2.840.113549.1.1.4 | 1046 // md5WithRSAEncryption: 1.2.840.113549.1.1.4 |
| 1045 has_md5 = true; | 1047 has_md5 = true; |
| 1048 if (i != 0) |
| 1049 has_md5_ca = true; |
| 1046 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) { | 1050 } else if (strcmp(algorithm, szOID_RSA_MD2RSA) == 0) { |
| 1047 // md2WithRSAEncryption: 1.2.840.113549.1.1.2 | 1051 // md2WithRSAEncryption: 1.2.840.113549.1.1.2 |
| 1048 has_md2 = true; | 1052 has_md2 = true; |
| 1049 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) { | 1053 } else if (strcmp(algorithm, szOID_RSA_MD4RSA) == 0) { |
| 1050 // md4WithRSAEncryption: 1.2.840.113549.1.1.3 | 1054 // md4WithRSAEncryption: 1.2.840.113549.1.1.3 |
| 1051 has_md4 = true; | 1055 has_md4 = true; |
| 1052 } | 1056 } |
| 1053 } | 1057 } |
| 1054 | 1058 |
| 1055 if (has_md5) | 1059 if (has_md5) |
| 1056 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | 1060 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); |
| 1057 if (has_md2) | 1061 if (has_md2) |
| 1058 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | 1062 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); |
| 1059 if (has_md4) | 1063 if (has_md4) |
| 1060 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); | 1064 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); |
| 1065 if (has_md5_ca) |
| 1066 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); |
| 1061 } | 1067 } |
| 1062 | 1068 |
| 1063 // Set server_cert_status_ and return OK or a network error. | 1069 // Set server_cert_status_ and return OK or a network error. |
| 1064 int SSLClientSocketWin::VerifyServerCert() { | 1070 int SSLClientSocketWin::VerifyServerCert() { |
| 1065 DCHECK(server_cert_); | 1071 DCHECK(server_cert_); |
| 1066 server_cert_status_ = 0; | 1072 server_cert_status_ = 0; |
| 1067 | 1073 |
| 1068 // Build and validate certificate chain. | 1074 // Build and validate certificate chain. |
| 1069 | 1075 |
| 1070 CERT_CHAIN_PARA chain_para; | 1076 CERT_CHAIN_PARA chain_para; |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1184 // compatible with WinHTTP, which doesn't report this error (bug 3004). | 1190 // compatible with WinHTTP, which doesn't report this error (bug 3004). |
| 1185 server_cert_status_ &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; | 1191 server_cert_status_ &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; |
| 1186 | 1192 |
| 1187 if (IsCertStatusError(server_cert_status_)) | 1193 if (IsCertStatusError(server_cert_status_)) |
| 1188 return MapCertStatusToNetError(server_cert_status_); | 1194 return MapCertStatusToNetError(server_cert_status_); |
| 1189 return OK; | 1195 return OK; |
| 1190 } | 1196 } |
| 1191 | 1197 |
| 1192 } // namespace net | 1198 } // namespace net |
| 1193 | 1199 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18063:
Add a bucket in the connection type histograms for... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/