Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 7819009: For the SSL cert status, convert anonymous enum that gives bit values into a typedefed uint32. Th... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/cert_status_flags.h ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; 127 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len;
128 continue; 128 continue;
129 } 129 }
130 ip_addresses->push_back( 130 ip_addresses->push_back(
131 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); 131 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len));
132 } 132 }
133 } 133 }
134 } 134 }
135 135
136 // Maps X509_STORE_CTX_get_error() return values to our cert status flags. 136 // Maps X509_STORE_CTX_get_error() return values to our cert status flags.
137 int MapCertErrorToCertStatus(int err) { 137 CertStatus MapCertErrorToCertStatus(int err) {
138 switch (err) { 138 switch (err) {
139 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: 139 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
140 return CERT_STATUS_COMMON_NAME_INVALID; 140 return CERT_STATUS_COMMON_NAME_INVALID;
141 case X509_V_ERR_CERT_NOT_YET_VALID: 141 case X509_V_ERR_CERT_NOT_YET_VALID:
142 case X509_V_ERR_CERT_HAS_EXPIRED: 142 case X509_V_ERR_CERT_HAS_EXPIRED:
143 case X509_V_ERR_CRL_NOT_YET_VALID: 143 case X509_V_ERR_CRL_NOT_YET_VALID:
144 case X509_V_ERR_CRL_HAS_EXPIRED: 144 case X509_V_ERR_CRL_HAS_EXPIRED:
145 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 145 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
146 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 146 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
147 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 147 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
(...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after
445 it != intermediate_ca_certs_.end(); ++it) { 445 it != intermediate_ca_certs_.end(); ++it) {
446 if (!sk_X509_push(intermediates.get(), *it)) 446 if (!sk_X509_push(intermediates.get(), *it))
447 return ERR_OUT_OF_MEMORY; 447 return ERR_OUT_OF_MEMORY;
448 } 448 }
449 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), 449 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(),
450 cert_handle_, intermediates.get()); 450 cert_handle_, intermediates.get());
451 CHECK_EQ(1, rv); 451 CHECK_EQ(1, rv);
452 452
453 if (X509_verify_cert(ctx.get()) != 1) { 453 if (X509_verify_cert(ctx.get()) != 1) {
454 int x509_error = X509_STORE_CTX_get_error(ctx.get()); 454 int x509_error = X509_STORE_CTX_get_error(ctx.get());
455 int cert_status = MapCertErrorToCertStatus(x509_error); 455 CertStatus cert_status = MapCertErrorToCertStatus(x509_error);
456 LOG(ERROR) << "X509 Verification error " 456 LOG(ERROR) << "X509 Verification error "
457 << X509_verify_cert_error_string(x509_error) 457 << X509_verify_cert_error_string(x509_error)
458 << " : " << x509_error 458 << " : " << x509_error
459 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) 459 << " : " << X509_STORE_CTX_get_error_depth(ctx.get())
460 << " : " << cert_status; 460 << " : " << cert_status;
461 verify_result->cert_status |= cert_status; 461 verify_result->cert_status |= cert_status;
462 } 462 }
463 463
464 if (IsCertStatusError(verify_result->cert_status)) 464 if (IsCertStatusError(verify_result->cert_status))
465 return MapCertStatusToNetError(verify_result->cert_status); 465 return MapCertStatusToNetError(verify_result->cert_status);
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 DERCache der_cache; 553 DERCache der_cache;
554 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 554 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
555 return false; 555 return false;
556 556
557 return pickle->WriteData( 557 return pickle->WriteData(
558 reinterpret_cast<const char*>(der_cache.data), 558 reinterpret_cast<const char*>(der_cache.data),
559 der_cache.data_length); 559 der_cache.data_length);
560 } 560 }
561 561
562 } // namespace net 562 } // namespace net
OLDNEW
« net/base/cert_status_flags.h ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698