| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
| 8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
| 9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| (...skipping 416 matching lines...) |
| 427 | 427 |
| 428 if (X509_verify_cert(ctx.get()) != 1) { | 428 if (X509_verify_cert(ctx.get()) != 1) { |
| 429 int x509_error = X509_STORE_CTX_get_error(ctx.get()); | 429 int x509_error = X509_STORE_CTX_get_error(ctx.get()); |
| 430 int cert_status = MapCertErrorToCertStatus(x509_error); | 430 int cert_status = MapCertErrorToCertStatus(x509_error); |
| 431 LOG(ERROR) << "X509 Verification error " | 431 LOG(ERROR) << "X509 Verification error " |
| 432 << X509_verify_cert_error_string(x509_error) | 432 << X509_verify_cert_error_string(x509_error) |
| 433 << " : " << x509_error | 433 << " : " << x509_error |
| 434 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) | 434 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) |
| 435 << " : " << cert_status; | 435 << " : " << cert_status; |
| 436 verify_result->cert_status |= cert_status; | 436 verify_result->cert_status |= cert_status; |
| 437 return MapCertStatusToNetError(verify_result->cert_status); | |
| 438 } | 437 } |
| 439 | 438 |
| 440 if (IsCertStatusError(verify_result->cert_status)) | 439 if (IsCertStatusError(verify_result->cert_status)) |
| 441 return MapCertStatusToNetError(verify_result->cert_status); | 440 return MapCertStatusToNetError(verify_result->cert_status); |
| 442 | 441 |
| 443 return OK; | 442 return OK; |
| 444 } | 443 } |
| 445 | 444 |
| 446 // static | 445 // static |
| 447 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, | 446 bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, |
| 448 X509Certificate::OSCertHandle b) { | 447 X509Certificate::OSCertHandle b) { |
| 449 DCHECK(a && b); | 448 DCHECK(a && b); |
| 450 if (a == b) | 449 if (a == b) |
| 451 return true; | 450 return true; |
| 452 | 451 |
| 453 // X509_cmp only checks the fingerprint, but we want to compare the whole | 452 // X509_cmp only checks the fingerprint, but we want to compare the whole |
| 454 // DER data. Encoding it from OSCertHandle is an expensive operation, so we | 453 // DER data. Encoding it from OSCertHandle is an expensive operation, so we |
| 455 // cache the DER (if not already cached via X509_set_ex_data). | 454 // cache the DER (if not already cached via X509_set_ex_data). |
| 456 DERCache der_cache_a, der_cache_b; | 455 DERCache der_cache_a, der_cache_b; |
| 457 | 456 |
| 458 return GetDERAndCacheIfNeeded(a, &der_cache_a) && | 457 return GetDERAndCacheIfNeeded(a, &der_cache_a) && |
| 459 GetDERAndCacheIfNeeded(b, &der_cache_b) && | 458 GetDERAndCacheIfNeeded(b, &der_cache_b) && |
| 460 der_cache_a.data_length == der_cache_b.data_length && | 459 der_cache_a.data_length == der_cache_b.data_length && |
| 461 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; | 460 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; |
| 462 } | 461 } |
| 463 | 462 |
| 464 } // namespace net | 463 } // namespace net |
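Review bot: With the early return removed, the `X509_verify_cert` failure branch (new lines 428-437) yields an error only if `cert_status` carries an error bit, because the result now comes from the `IsCertStatusError` check at new line 439. `MapCertErrorToCertStatus` is not visible on this page; if it can return 0 or a non-error status for some `x509_error`, a chain that OpenSSL rejected would fall through to `return OK`. Making the branch fail closed would remove that dependency, for example `if (!IsCertStatusError(cert_status)) cert_status = CERT_STATUS_INVALID;` before the `|=` on new line 436. The enclosing function starts inside the 416 skipped lines, so earlier contributions to `verify_result->cert_status` cannot be checked from here.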
| OLD | NEW |