Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(244)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 5195001: Fixes the remaining net_unittests for OpenSSL, with the exceptions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Clarify comment Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/chrome_tests.gypi ('K') | « net/base/keygen_handler_unittest.cc ('k') | net/base/x509_openssl_util.cc » ('j') | net/base/x509_openssl_util.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after
418 418
419 for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin(); 419 for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin();
420 it != intermediate_ca_certs_.end(); ++it) { 420 it != intermediate_ca_certs_.end(); ++it) {
421 if (!sk_X509_push(intermediates.get(), *it)) 421 if (!sk_X509_push(intermediates.get(), *it))
422 return ERR_OUT_OF_MEMORY; 422 return ERR_OUT_OF_MEMORY;
423 } 423 }
424 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), 424 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(),
425 cert_handle_, intermediates.get()); 425 cert_handle_, intermediates.get());
426 CHECK_EQ(1, rv); 426 CHECK_EQ(1, rv);
427 427
428 if (X509_verify_cert(ctx.get()) == 1) { 428 if (X509_verify_cert(ctx.get()) != 1) {
429 return OK; 429 int x509_error = X509_STORE_CTX_get_error(ctx.get());
430 int cert_status = MapCertErrorToCertStatus(x509_error);
431 LOG(ERROR) << "X509 Verification error "
432 << X509_verify_cert_error_string(x509_error)
433 << " : " << x509_error
434 << " : " << X509_STORE_CTX_get_error_depth(ctx.get())
435 << " : " << cert_status;
436 verify_result->cert_status |= cert_status;
437 return MapCertStatusToNetError(verify_result->cert_status);
wtc 2010/12/01 22:50:05 Nit: you can remove this return statement. If you
joth 2010/12/02 17:12:01 Done.
430 } 438 }
431 439
432 int x509_error = X509_STORE_CTX_get_error(ctx.get()); 440 if (IsCertStatusError(verify_result->cert_status))
433 int cert_status = MapCertErrorToCertStatus(x509_error); 441 return MapCertStatusToNetError(verify_result->cert_status);
434 LOG(ERROR) << "X509 Verification error " 442
435 << X509_verify_cert_error_string(x509_error) 443 return OK;
436 << " : " << x509_error
437 << " : " << X509_STORE_CTX_get_error_depth(ctx.get())
438 << " : " << cert_status;
439 verify_result->cert_status |= cert_status;
440 return MapCertStatusToNetError(verify_result->cert_status);
441 } 444 }
442 445
443 // static 446 // static
444 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, 447 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a,
445 X509Certificate::OSCertHandle b) { 448 X509Certificate::OSCertHandle b) {
446 DCHECK(a && b); 449 DCHECK(a && b);
447 if (a == b) 450 if (a == b)
448 return true; 451 return true;
449 452
450 // X509_cmp only checks the fingerprint, but we want to compare the whole 453 // X509_cmp only checks the fingerprint, but we want to compare the whole
451 // DER data. Encoding it from OSCertHandle is an expensive operation, so we 454 // DER data. Encoding it from OSCertHandle is an expensive operation, so we
452 // cache the DER (if not already cached via X509_set_ex_data). 455 // cache the DER (if not already cached via X509_set_ex_data).
453 DERCache der_cache_a, der_cache_b; 456 DERCache der_cache_a, der_cache_b;
454 457
455 return GetDERAndCacheIfNeeded(a, &der_cache_a) && 458 return GetDERAndCacheIfNeeded(a, &der_cache_a) &&
456 GetDERAndCacheIfNeeded(b, &der_cache_b) && 459 GetDERAndCacheIfNeeded(b, &der_cache_b) &&
457 der_cache_a.data_length == der_cache_b.data_length && 460 der_cache_a.data_length == der_cache_b.data_length &&
458 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; 461 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0;
459 } 462 }
460 463
461 } // namespace net 464 } // namespace net
OLDNEW
« chrome/chrome_tests.gypi ('K') | « net/base/keygen_handler_unittest.cc ('k') | net/base/x509_openssl_util.cc » ('j') | net/base/x509_openssl_util.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698