Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(424)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 6612013: Add X509Certificate::VerifyCertName(string) API. This will be used... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after
418 int X509Certificate::Verify(const std::string& hostname, 418 int X509Certificate::Verify(const std::string& hostname,
419 int flags, 419 int flags,
420 CertVerifyResult* verify_result) const { 420 CertVerifyResult* verify_result) const {
421 verify_result->Reset(); 421 verify_result->Reset();
422 422
423 // TODO(joth): We should fetch the subjectAltNames directly rather than via 423 // TODO(joth): We should fetch the subjectAltNames directly rather than via
424 // GetDNSNames, so we can apply special handling for IP addresses vs DNS 424 // GetDNSNames, so we can apply special handling for IP addresses vs DNS
425 // names, etc. See http://crbug.com/62973. 425 // names, etc. See http://crbug.com/62973.
426 std::vector<std::string> cert_names; 426 std::vector<std::string> cert_names;
427 GetDNSNames(&cert_names); 427 GetDNSNames(&cert_names);
428 if (!x509_openssl_util::VerifyHostname(hostname, cert_names)) 428 if (!VerifyHostname(hostname, cert_names))
429 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 429 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
430 430
431 base::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( 431 base::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(
432 X509_STORE_CTX_new()); 432 X509_STORE_CTX_new());
433 433
434 base::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( 434 base::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(
435 sk_X509_new_null()); 435 sk_X509_new_null());
436 if (!intermediates.get()) 436 if (!intermediates.get())
437 return ERR_OUT_OF_MEMORY; 437 return ERR_OUT_OF_MEMORY;
438 438
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
479 // cache the DER (if not already cached via X509_set_ex_data). 479 // cache the DER (if not already cached via X509_set_ex_data).
480 DERCache der_cache_a, der_cache_b; 480 DERCache der_cache_a, der_cache_b;
481 481
482 return GetDERAndCacheIfNeeded(a, &der_cache_a) && 482 return GetDERAndCacheIfNeeded(a, &der_cache_a) &&
483 GetDERAndCacheIfNeeded(b, &der_cache_b) && 483 GetDERAndCacheIfNeeded(b, &der_cache_b) &&
484 der_cache_a.data_length == der_cache_b.data_length && 484 der_cache_a.data_length == der_cache_b.data_length &&
485 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0; 485 memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0;
486 } 486 }
487 487
488 } // namespace net 488 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698