Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
| 9 #include <time.h> | 9 #include <time.h> |
| 10 | 10 |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 64 case CSSMERR_TP_CERT_EXPIRED: | 64 case CSSMERR_TP_CERT_EXPIRED: |
| 65 case CSSMERR_TP_CERT_NOT_VALID_YET: | 65 case CSSMERR_TP_CERT_NOT_VALID_YET: |
| 66 // "Expired" and "not yet valid" collapse into a single status. | 66 // "Expired" and "not yet valid" collapse into a single status. |
| 67 return CERT_STATUS_DATE_INVALID; | 67 return CERT_STATUS_DATE_INVALID; |
| 68 | 68 |
| 69 case CSSMERR_TP_CERT_REVOKED: | 69 case CSSMERR_TP_CERT_REVOKED: |
| 70 case CSSMERR_TP_CERT_SUSPENDED: | 70 case CSSMERR_TP_CERT_SUSPENDED: |
| 71 return CERT_STATUS_REVOKED; | 71 return CERT_STATUS_REVOKED; |
| 72 | 72 |
| 73 case CSSMERR_APPLETP_HOSTNAME_MISMATCH: | 73 case CSSMERR_APPLETP_HOSTNAME_MISMATCH: |
| 74 // CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT is set if the certificate has an | |
| 75 // empty Subject field but the subjectAltName extension is not marked as | |
| 76 // critical. This interpretation of RFC 5280 Section 4.1.2.6 is overly | |
| 77 // strict. It's not clear whether we can ignore this error, so we report | |
| 78 // it, but map it to an overridable error rather than CERT_STATUS_INVALID. | |
| 79 // Properly issued certificates should not have this error. | |
| 80 // NOTE: to ignore this error, map it to 0. | |
| 81 case CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT: | |
|
Ryan Sleevi
2011/03/10 02:30:51
This error is also returned if the EE cert has an
wtc
2011/03/11 00:25:11
Both cases are OK.
Case 1: an EE cert has an empt
| |
| 74 return CERT_STATUS_COMMON_NAME_INVALID; | 82 return CERT_STATUS_COMMON_NAME_INVALID; |
| 75 | 83 |
| 76 case CSSMERR_APPLETP_CRL_NOT_FOUND: | 84 case CSSMERR_APPLETP_CRL_NOT_FOUND: |
| 77 case CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK: | 85 case CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK: |
| 78 case CSSMERR_APPLETP_OCSP_UNAVAILABLE: | 86 case CSSMERR_APPLETP_OCSP_UNAVAILABLE: |
| 79 return CERT_STATUS_NO_REVOCATION_MECHANISM; | 87 return CERT_STATUS_NO_REVOCATION_MECHANISM; |
| 80 | 88 |
| 81 case CSSMERR_APPLETP_CRL_NOT_TRUSTED: | 89 case CSSMERR_APPLETP_CRL_NOT_TRUSTED: |
| 82 case CSSMERR_APPLETP_CRL_SERVER_DOWN: | 90 case CSSMERR_APPLETP_CRL_SERVER_DOWN: |
| 83 case CSSMERR_APPLETP_CRL_NOT_VALID_YET: | 91 case CSSMERR_APPLETP_CRL_NOT_VALID_YET: |
| (...skipping 1092 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1176 CFArrayAppendArray(chain, | 1184 CFArrayAppendArray(chain, |
| 1177 cert_chain, | 1185 cert_chain, |
| 1178 CFRangeMake(1, chain_count - 1)); | 1186 CFRangeMake(1, chain_count - 1)); |
| 1179 } | 1187 } |
| 1180 } | 1188 } |
| 1181 | 1189 |
| 1182 return chain.release(); | 1190 return chain.release(); |
| 1183 } | 1191 } |
| 1184 | 1192 |
| 1185 } // namespace net | 1193 } // namespace net |
| OLD | NEW |