
Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 7819009: For the SSL cert status, convert anonymous enum that gives bit values into a typedefed uint32. Th... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
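--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <nss.h>
@@ -120,21 +120,21 @@
 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
 case SEC_ERROR_EXTENSION_VALUE_INVALID:
 return ERR_CERT_INVALID;
 default:
 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
 return ERR_FAILED;
 }
 }
 
 // Map PORT_GetError() return values to our cert status flags.
-int MapCertErrorToCertStatus(int err) {
+CertStatus MapCertErrorToCertStatus(int err) {
 switch (err) {
 case SSL_ERROR_BAD_CERT_DOMAIN:
 return CERT_STATUS_COMMON_NAME_INVALID;
 case SEC_ERROR_INVALID_TIME:
 case SEC_ERROR_EXPIRED_CERTIFICATE:
 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
 return CERT_STATUS_DATE_INVALID;
 case SEC_ERROR_UNKNOWN_ISSUER:
 case SEC_ERROR_UNTRUSTED_ISSUER:
 case SEC_ERROR_CA_CERT_INVALID:
@@ -805,23 +805,23 @@
 flags &= ~VERIFY_EV_CERT;
 }
 status = PKIXVerifyCert(cert_handle_, check_revocation, NULL, 0, cvout);
 if (status != SECSuccess) {
 int err = PORT_GetError();
 LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname
 << " failed err=" << err;
 // CERT_PKIXVerifyCert rerports the wrong error code for
 // expired certificates (NSS bug 491174)
 if (err == SEC_ERROR_CERT_NOT_VALID &&
-(verify_result->cert_status & CERT_STATUS_DATE_INVALID) != 0)
+(verify_result->cert_status & CERT_STATUS_DATE_INVALID))
 err = SEC_ERROR_EXPIRED_CERTIFICATE;
-int cert_status = MapCertErrorToCertStatus(err);
+CertStatus cert_status = MapCertErrorToCertStatus(err);
 if (cert_status) {
 verify_result->cert_status |= cert_status;
 return MapCertStatusToNetError(verify_result->cert_status);
 }
 // |err| is not a certificate error.
 return MapSecurityError(err);
 }
 
 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,
 cvout[cvout_trust_anchor_index].value.pointer.cert,
@@ -1009,10 +1009,10 @@
 
 // static
 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
 Pickle* pickle) {
 return pickle->WriteData(
 reinterpret_cast<const char*>(cert_handle->derCert.data),
 cert_handle->derCert.len);
 }
 
 } // namespace net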
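Review bot: `MapCertErrorToCertStatus` has no stated contract for an error that is not a certificate error, yet the caller in the `PKIXVerifyCert` failure path branches on `if (cert_status)` to choose between OR-ing a flag into `verify_result->cert_status` and falling through to `MapSecurityError(err)`. With the return type now `CertStatus`, I would extend the comment above the function to `// Map PORT_GetError() return values to our cert status flags. Returns 0 if |err| is not a certificate error.` so that zero is documented as the only "no flag" value. On the fall-through path an error code is still returned, but no bit is added to `verify_result->cert_status`, so any consumer that looks only at the flags deserves a check. The switch continues past the visible lines (its default case is not shown) and the verifying function starts above the hunk, so this is inferred from the caller rather than read from the default branch.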
