Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(87)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 7995014: Revert 102322 - For the SSL cert status, convert anonymous enum that gives bit values into a type... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <cryptohi.h> 8 #include <cryptohi.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <nss.h> 10 #include <nss.h>
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
165 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: 165 case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
166 case SEC_ERROR_EXTENSION_VALUE_INVALID: 166 case SEC_ERROR_EXTENSION_VALUE_INVALID:
167 return ERR_CERT_INVALID; 167 return ERR_CERT_INVALID;
168 default: 168 default:
169 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; 169 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
170 return ERR_FAILED; 170 return ERR_FAILED;
171 } 171 }
172 } 172 }
173 173
174 // Map PORT_GetError() return values to our cert status flags. 174 // Map PORT_GetError() return values to our cert status flags.
175 CertStatus MapCertErrorToCertStatus(int err) { 175 int MapCertErrorToCertStatus(int err) {
176 switch (err) { 176 switch (err) {
177 case SSL_ERROR_BAD_CERT_DOMAIN: 177 case SSL_ERROR_BAD_CERT_DOMAIN:
178 return CERT_STATUS_COMMON_NAME_INVALID; 178 return CERT_STATUS_COMMON_NAME_INVALID;
179 case SEC_ERROR_INVALID_TIME: 179 case SEC_ERROR_INVALID_TIME:
180 case SEC_ERROR_EXPIRED_CERTIFICATE: 180 case SEC_ERROR_EXPIRED_CERTIFICATE:
181 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: 181 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
182 return CERT_STATUS_DATE_INVALID; 182 return CERT_STATUS_DATE_INVALID;
183 case SEC_ERROR_UNKNOWN_ISSUER: 183 case SEC_ERROR_UNKNOWN_ISSUER:
184 case SEC_ERROR_UNTRUSTED_ISSUER: 184 case SEC_ERROR_UNTRUSTED_ISSUER:
185 case SEC_ERROR_CA_CERT_INVALID: 185 case SEC_ERROR_CA_CERT_INVALID:
(...skipping 759 matching lines...) Expand 10 before | Expand all | Expand 10 after
945 flags &= ~VERIFY_EV_CERT; 945 flags &= ~VERIFY_EV_CERT;
946 } 946 }
947 status = PKIXVerifyCert(cert_handle_, check_revocation, NULL, 0, cvout); 947 status = PKIXVerifyCert(cert_handle_, check_revocation, NULL, 0, cvout);
948 if (status != SECSuccess) { 948 if (status != SECSuccess) {
949 int err = PORT_GetError(); 949 int err = PORT_GetError();
950 LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname 950 LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname
951 << " failed err=" << err; 951 << " failed err=" << err;
952 // CERT_PKIXVerifyCert rerports the wrong error code for 952 // CERT_PKIXVerifyCert rerports the wrong error code for
953 // expired certificates (NSS bug 491174) 953 // expired certificates (NSS bug 491174)
954 if (err == SEC_ERROR_CERT_NOT_VALID && 954 if (err == SEC_ERROR_CERT_NOT_VALID &&
955 (verify_result->cert_status & CERT_STATUS_DATE_INVALID)) 955 (verify_result->cert_status & CERT_STATUS_DATE_INVALID) != 0)
956 err = SEC_ERROR_EXPIRED_CERTIFICATE; 956 err = SEC_ERROR_EXPIRED_CERTIFICATE;
957 CertStatus cert_status = MapCertErrorToCertStatus(err); 957 int cert_status = MapCertErrorToCertStatus(err);
958 if (cert_status) { 958 if (cert_status) {
959 verify_result->cert_status |= cert_status; 959 verify_result->cert_status |= cert_status;
960 return MapCertStatusToNetError(verify_result->cert_status); 960 return MapCertStatusToNetError(verify_result->cert_status);
961 } 961 }
962 // |err| is not a certificate error. 962 // |err| is not a certificate error.
963 return MapSecurityError(err); 963 return MapSecurityError(err);
964 } 964 }
965 965
966 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, 966 GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,
967 cvout[cvout_trust_anchor_index].value.pointer.cert, 967 cvout[cvout_trust_anchor_index].value.pointer.cert,
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after
1149 1149
1150 // static 1150 // static
1151 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 1151 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
1152 Pickle* pickle) { 1152 Pickle* pickle) {
1153 return pickle->WriteData( 1153 return pickle->WriteData(
1154 reinterpret_cast<const char*>(cert_handle->derCert.data), 1154 reinterpret_cast<const char*>(cert_handle->derCert.data),
1155 cert_handle->derCert.len); 1155 cert_handle->derCert.len);
1156 } 1156 }
1157 1157
1158 } // namespace net 1158 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698