Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(64)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 7969023: For the SSL cert status, convert anonymous enum that gives bit values into a typedefed uint32. Th... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/crypto.h> 8 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 9 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 10 #include <openssl/pem.h>
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len; 127 LOG(WARNING) << "Bad sized IP Address in cert: " << ip_addr_len;
128 continue; 128 continue;
129 } 129 }
130 ip_addresses->push_back( 130 ip_addresses->push_back(
131 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len)); 131 std::string(reinterpret_cast<const char*>(ip_addr), ip_addr_len));
132 } 132 }
133 } 133 }
134 } 134 }
135 135
136 // Maps X509_STORE_CTX_get_error() return values to our cert status flags. 136 // Maps X509_STORE_CTX_get_error() return values to our cert status flags.
137 int MapCertErrorToCertStatus(int err) { 137 CertStatus MapCertErrorToCertStatus(int err) {
138 switch (err) { 138 switch (err) {
139 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: 139 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
140 return CERT_STATUS_COMMON_NAME_INVALID; 140 return CERT_STATUS_COMMON_NAME_INVALID;
141 case X509_V_ERR_CERT_NOT_YET_VALID: 141 case X509_V_ERR_CERT_NOT_YET_VALID:
142 case X509_V_ERR_CERT_HAS_EXPIRED: 142 case X509_V_ERR_CERT_HAS_EXPIRED:
143 case X509_V_ERR_CRL_NOT_YET_VALID: 143 case X509_V_ERR_CRL_NOT_YET_VALID:
144 case X509_V_ERR_CRL_HAS_EXPIRED: 144 case X509_V_ERR_CRL_HAS_EXPIRED:
145 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 145 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
146 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 146 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
147 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 147 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
(...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after
456 it != intermediate_ca_certs_.end(); ++it) { 456 it != intermediate_ca_certs_.end(); ++it) {
457 if (!sk_X509_push(intermediates.get(), *it)) 457 if (!sk_X509_push(intermediates.get(), *it))
458 return ERR_OUT_OF_MEMORY; 458 return ERR_OUT_OF_MEMORY;
459 } 459 }
460 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), 460 int rv = X509_STORE_CTX_init(ctx.get(), cert_store(),
461 cert_handle_, intermediates.get()); 461 cert_handle_, intermediates.get());
462 CHECK_EQ(1, rv); 462 CHECK_EQ(1, rv);
463 463
464 if (X509_verify_cert(ctx.get()) != 1) { 464 if (X509_verify_cert(ctx.get()) != 1) {
465 int x509_error = X509_STORE_CTX_get_error(ctx.get()); 465 int x509_error = X509_STORE_CTX_get_error(ctx.get());
466 int cert_status = MapCertErrorToCertStatus(x509_error); 466 CertStatus cert_status = MapCertErrorToCertStatus(x509_error);
467 LOG(ERROR) << "X509 Verification error " 467 LOG(ERROR) << "X509 Verification error "
468 << X509_verify_cert_error_string(x509_error) 468 << X509_verify_cert_error_string(x509_error)
469 << " : " << x509_error 469 << " : " << x509_error
470 << " : " << X509_STORE_CTX_get_error_depth(ctx.get()) 470 << " : " << X509_STORE_CTX_get_error_depth(ctx.get())
471 << " : " << cert_status; 471 << " : " << cert_status;
472 verify_result->cert_status |= cert_status; 472 verify_result->cert_status |= cert_status;
473 } 473 }
474 474
475 if (IsCertStatusError(verify_result->cert_status)) 475 if (IsCertStatusError(verify_result->cert_status))
476 return MapCertStatusToNetError(verify_result->cert_status); 476 return MapCertStatusToNetError(verify_result->cert_status);
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
564 DERCache der_cache; 564 DERCache der_cache;
565 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) 565 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
566 return false; 566 return false;
567 567
568 return pickle->WriteData( 568 return pickle->WriteData(
569 reinterpret_cast<const char*>(der_cache.data), 569 reinterpret_cast<const char*>(der_cache.data),
570 der_cache.data_length); 570 der_cache.data_length);
571 } 571 }
572 572
573 } // namespace net 573 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698