
Side by Side Diff: net/base/cert_verifier.cc

Issue 3112013: Move chain building/verification out of X509Certificate (Closed)
Patch Set: Rebase to trunk - Without OpenSSL fixes Created 10 years, 2 months ago
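--- a/net/base/cert_verifier.cc
+++ b/net/base/cert_verifier.cc
@@ -1,50 +1,51 @@
 // Copyright (c) 2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verifier.h"
 
 #if defined(USE_NSS)
 #include <private/pprthred.h> // PR_DetatchThread
 #endif
 
 #include "base/message_loop.h"
 #include "base/worker_pool.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
+#include "net/base/x509_chain.h"
 
 namespace net {
 
 class CertVerifier::Request :
 public base::RefCountedThreadSafe<CertVerifier::Request> {
 public:
 Request(CertVerifier* verifier,
 X509Certificate* cert,
 const std::string& hostname,
 int flags,
 CertVerifyResult* verify_result,
 CompletionCallback* callback)
 : cert_(cert),
 hostname_(hostname),
 flags_(flags),
 verifier_(verifier),
 verify_result_(verify_result),
 callback_(callback),
 origin_loop_(MessageLoop::current()),
 error_(OK) {
 }
 
 void DoVerify() {
 // Running on the worker thread
-error_ = cert_->Verify(hostname_, flags_, &result_);
+error_ = x509_chain::VerifySSLServer(cert_, hostname_, flags_, &result_);
 #if defined(USE_NSS)
 // Detach the thread from NSPR.
 // Calling NSS functions attaches the thread to NSPR, which stores
 // the NSPR thread ID in thread-specific data.
 // The threads in our thread pool terminate after we have called
 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets
 // segfaults on shutdown when the threads' thread-specific data
 // destructors run.
 PR_DetachThread();
 #endif
@@ -127,29 +128,29 @@
 int CertVerifier::Verify(X509Certificate* cert,
 const std::string& hostname,
 int flags,
 CertVerifyResult* verify_result,
 CompletionCallback* callback) {
 DCHECK(!request_) << "verifier already in use";
 
 // Do a synchronous verification.
 if (!callback) {
 CertVerifyResult result;
-int rv = cert->Verify(hostname, flags, &result);
+int rv = x509_chain::VerifySSLServer(cert, hostname, flags, &result);
 *verify_result = result;
 return rv;
 }
 
 request_ = new Request(this, cert, hostname, flags, verify_result, callback);
 
 // Dispatch to worker thread...
 if (!WorkerPool::PostTask(FROM_HERE,
 NewRunnableMethod(request_.get(), &Request::DoVerify), true)) {
 NOTREACHED();
 request_ = NULL;
 return ERR_FAILED;
 }
 
 return ERR_IO_PENDING;
 }
 
 } // namespace net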
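Review bot: Both call sites, in `Request::DoVerify` and in the synchronous branch of `CertVerifier::Verify`, now pass the certificate pointer to the free function `x509_chain::VerifySSLServer`, so handling of a null `cert` depends on that function, whose body is not visible here. Adding `DCHECK(cert);` beside the existing `DCHECK(!request_)` in `CertVerifier::Verify` would state the precondition at the entry point for both paths. The new name also suggests, though this file does not confirm it, that verification is now tied to the SSL-server purpose. If so, a comment such as `// Verifies |cert| as an SSL server certificate for |hostname|.` above each call would warn callers against reusing `CertVerifier` for other certificate usages. The rest of `DoVerify` lies in the skipped lines and was not reviewed.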