Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(394)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_win.cc

Issue 3112013: Move chain building/verification out of X509Certificate (Closed)
Patch Set: Rebase to trunk - Without OpenSSL fixes Created 10 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/base/x509_chain_win.cc ('K') | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_win.h" 5 #include "net/socket/ssl_client_socket_win.h"
6 6
7 #include <schnlsp.h> 7 #include <schnlsp.h>
8 #include <map> 8 #include <map>
9 9
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
11 #include "base/lock.h" 11 #include "base/lock.h"
12 #include "base/singleton.h" 12 #include "base/singleton.h"
13 #include "base/stl_util-inl.h" 13 #include "base/stl_util-inl.h"
14 #include "base/string_util.h" 14 #include "base/string_util.h"
15 #include "base/utf_string_conversions.h" 15 #include "base/utf_string_conversions.h"
16 #include "net/base/cert_verifier.h" 16 #include "net/base/cert_verifier.h"
17 #include "net/base/connection_type_histograms.h" 17 #include "net/base/connection_type_histograms.h"
18 #include "net/base/io_buffer.h" 18 #include "net/base/io_buffer.h"
19 #include "net/base/net_log.h" 19 #include "net/base/net_log.h"
20 #include "net/base/net_errors.h" 20 #include "net/base/net_errors.h"
21 #include "net/base/ssl_cert_request_info.h" 21 #include "net/base/ssl_cert_request_info.h"
22 #include "net/base/ssl_connection_status_flags.h" 22 #include "net/base/ssl_connection_status_flags.h"
23 #include "net/base/ssl_info.h" 23 #include "net/base/ssl_info.h"
24 #include "net/base/x509_chain.h"
24 #include "net/socket/client_socket_handle.h" 25 #include "net/socket/client_socket_handle.h"
25 26
26 #pragma comment(lib, "secur32.lib") 27 #pragma comment(lib, "secur32.lib")
27 28
28 namespace net { 29 namespace net {
29 30
30 //----------------------------------------------------------------------------- 31 //-----------------------------------------------------------------------------
31 32
32 // TODO(wtc): See http://msdn.microsoft.com/en-us/library/aa377188(VS.85).aspx 33 // TODO(wtc): See http://msdn.microsoft.com/en-us/library/aa377188(VS.85).aspx
33 // for the other error codes we may need to map. 34 // for the other error codes we may need to map.
(...skipping 1006 matching lines...) Expand 10 before | Expand all | Expand 10 after
1040 } 1041 }
1041 1042
1042 // Set server_cert_status_ and return OK or a network error. 1043 // Set server_cert_status_ and return OK or a network error.
1043 int SSLClientSocketWin::DoVerifyCert() { 1044 int SSLClientSocketWin::DoVerifyCert() {
1044 next_state_ = STATE_VERIFY_CERT_COMPLETE; 1045 next_state_ = STATE_VERIFY_CERT_COMPLETE;
1045 1046
1046 DCHECK(server_cert_); 1047 DCHECK(server_cert_);
1047 1048
1048 int flags = 0; 1049 int flags = 0;
1049 if (ssl_config_.rev_checking_enabled) 1050 if (ssl_config_.rev_checking_enabled)
1050 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; 1051 flags |= x509_chain::VERIFY_REV_CHECKING_ENABLED;
1051 if (ssl_config_.verify_ev_cert) 1052 if (ssl_config_.verify_ev_cert)
1052 flags |= X509Certificate::VERIFY_EV_CERT; 1053 flags |= x509_chain::VERIFY_EV_CERT;
1053 verifier_.reset(new CertVerifier); 1054 verifier_.reset(new CertVerifier);
1054 return verifier_->Verify(server_cert_, hostname_, flags, 1055 return verifier_->Verify(server_cert_, hostname_, flags,
1055 &server_cert_verify_result_, 1056 &server_cert_verify_result_,
1056 &handshake_io_callback_); 1057 &handshake_io_callback_);
1057 } 1058 }
1058 1059
1059 int SSLClientSocketWin::DoVerifyCertComplete(int result) { 1060 int SSLClientSocketWin::DoVerifyCertComplete(int result) {
1060 DCHECK(verifier_.get()); 1061 DCHECK(verifier_.get());
1061 verifier_.reset(); 1062 verifier_.reset();
1062 1063
(...skipping 385 matching lines...) Expand 10 before | Expand all | Expand 10 after
1448 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); 1449 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
1449 } 1450 }
1450 1451
1451 void SSLClientSocketWin::FreeSendBuffer() { 1452 void SSLClientSocketWin::FreeSendBuffer() {
1452 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); 1453 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
1453 DCHECK(status == SEC_E_OK); 1454 DCHECK(status == SEC_E_OK);
1454 memset(&send_buffer_, 0, sizeof(send_buffer_)); 1455 memset(&send_buffer_, 0, sizeof(send_buffer_));
1455 } 1456 }
1456 1457
1457 } // namespace net 1458 } // namespace net
OLDNEW
« net/base/x509_chain_win.cc ('K') | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698