| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <map> | 10 #include <map> |
| (...skipping 566 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 577 !(pattern_begin.empty() && pattern_end.empty())) | 577 !(pattern_begin.empty() && pattern_end.empty())) |
| 578 continue; | 578 continue; |
| 579 | 579 |
| 580 if (reference_host.starts_with(pattern_begin) && | 580 if (reference_host.starts_with(pattern_begin) && |
| 581 reference_host.ends_with(pattern_end)) | 581 reference_host.ends_with(pattern_end)) |
| 582 return true; | 582 return true; |
| 583 } | 583 } |
| 584 return false; | 584 return false; |
| 585 } | 585 } |
| 586 | 586 |
| 587 int X509Certificate::Verify(const std::string& hostname, int flags, | 587 int X509Certificate::Verify(const std::string& hostname, |
| 588 CertVerifyResult* verify_result) const { | 588 int flags, |
| 589 CertVerifyResult* verify_result, |
| 590 CRLSet* crl_set) const { |
| 589 verify_result->Reset(); | 591 verify_result->Reset(); |
| 590 verify_result->verified_cert = const_cast<X509Certificate*>(this); | 592 verify_result->verified_cert = const_cast<X509Certificate*>(this); |
| 591 | 593 |
| 592 if (IsBlacklisted()) { | 594 if (IsBlacklisted()) { |
| 593 verify_result->cert_status |= CERT_STATUS_REVOKED; | 595 verify_result->cert_status |= CERT_STATUS_REVOKED; |
| 594 return ERR_CERT_REVOKED; | 596 return ERR_CERT_REVOKED; |
| 595 } | 597 } |
| 596 | 598 |
| 597 int rv = VerifyInternal(hostname, flags, verify_result); | 599 int rv = VerifyInternal(hostname, flags, verify_result, crl_set); |
| 598 | 600 |
| 599 // This check is done after VerifyInternal so that VerifyInternal can fill in | 601 // This check is done after VerifyInternal so that VerifyInternal can fill in |
| 600 // the list of public key hashes. | 602 // the list of public key hashes. |
| 601 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 603 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
| 602 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; | 604 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; |
| 603 rv = MapCertStatusToNetError(verify_result->cert_status); | 605 rv = MapCertStatusToNetError(verify_result->cert_status); |
| 604 } | 606 } |
| 605 | 607 |
| 606 return rv; | 608 return rv; |
| 607 } | 609 } |
| (...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1002 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, | 1004 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, |
| 1003 const uint8* array, | 1005 const uint8* array, |
| 1004 size_t array_byte_len) { | 1006 size_t array_byte_len) { |
| 1005 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); | 1007 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); |
| 1006 const size_t arraylen = array_byte_len / base::kSHA1Length; | 1008 const size_t arraylen = array_byte_len / base::kSHA1Length; |
| 1007 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, | 1009 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, |
| 1008 CompareSHA1Hashes); | 1010 CompareSHA1Hashes); |
| 1009 } | 1011 } |
| 1010 | 1012 |
| 1011 } // namespace net | 1013 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8342054:
net: enable CRL sets behind a command line flag. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src