Chromium Code Reviews Chromium Code Reviews
Issue 8342054:
net: enable CRL sets behind a command line flag. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/base/cert_verifier.cc |
| diff --git a/net/base/cert_verifier.cc b/net/base/cert_verifier.cc |
| index efdee5274dd69642003fcc42b7c54256154b8aa0..18b000fb3e64fec8144f145642e086dec94ff7e5 100644 |
| --- a/net/base/cert_verifier.cc |
| +++ b/net/base/cert_verifier.cc |
| @@ -12,6 +12,7 @@ |
| #include "base/synchronization/lock.h" |
| #include "base/time.h" |
| #include "base/threading/worker_pool.h" |
| +#include "net/base/crl_set.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/net_log.h" |
| #include "net/base/x509_certificate.h" |
| @@ -141,10 +142,12 @@ class CertVerifierWorker { |
| CertVerifierWorker(X509Certificate* cert, |
| const std::string& hostname, |
| int flags, |
| + CRLSet* crl_set, |
| CertVerifier* cert_verifier) |
| : cert_(cert), |
| hostname_(hostname), |
| flags_(flags), |
| + crl_set_(crl_set), |
| origin_loop_(MessageLoop::current()), |
| cert_verifier_(cert_verifier), |
| canceled_(false), |
| @@ -170,7 +173,8 @@ class CertVerifierWorker { |
| private: |
| void Run() { |
| // Runs on a worker thread. |
| - error_ = cert_->Verify(hostname_, flags_, &verify_result_); |
| + error_ = cert_->Verify(hostname_, flags_, &verify_result_, |
| + crl_set_.get()); |
|
wtc
2011/10/21 23:17:31
Nit: omit .get().
agl
2011/10/24 20:44:27
Done.
|
| #if defined(USE_NSS) |
| // Detach the thread from NSPR. |
| // Calling NSS functions attaches the thread to NSPR, which stores |
| @@ -229,6 +233,7 @@ class CertVerifierWorker { |
| scoped_refptr<X509Certificate> cert_; |
| const std::string hostname_; |
| const int flags_; |
| + scoped_refptr<CRLSet> crl_set_; |
| MessageLoop* const origin_loop_; |
| CertVerifier* const cert_verifier_; |
| @@ -344,6 +349,7 @@ CertVerifier::~CertVerifier() { |
| int CertVerifier::Verify(X509Certificate* cert, |
| const std::string& hostname, |
| int flags, |
| + CRLSet* crl_set, |
| CertVerifyResult* verify_result, |
| const CompletionCallback& callback, |
| RequestHandle* out_req, |
| @@ -384,7 +390,7 @@ int CertVerifier::Verify(X509Certificate* cert, |
| } else { |
| // Need to make a new request. |
| CertVerifierWorker* worker = new CertVerifierWorker(cert, hostname, flags, |
| - this); |
| + crl_set, this); |
| job = new CertVerifierJob( |
| worker, |
| BoundNetLog::Make(net_log.net_log(), NetLog::SOURCE_CERT_VERIFIER_JOB)); |
| @@ -501,6 +507,7 @@ SingleRequestCertVerifier::~SingleRequestCertVerifier() { |
| int SingleRequestCertVerifier::Verify(X509Certificate* cert, |
| const std::string& hostname, |
| int flags, |
| + CRLSet* crl_set, |
| CertVerifyResult* verify_result, |
| const CompletionCallback& callback, |
| const BoundNetLog& net_log) { |
| @@ -509,14 +516,14 @@ int SingleRequestCertVerifier::Verify(X509Certificate* cert, |
| // Do a synchronous verification. |
| if (callback.is_null()) |
| - return cert->Verify(hostname, flags, verify_result); |
| + return cert->Verify(hostname, flags, verify_result, crl_set); |
| CertVerifier::RequestHandle request = NULL; |
| // We need to be notified of completion before |callback| is called, so that |
| // we can clear out |cur_request_*|. |
| int rv = cert_verifier_->Verify( |
| - cert, hostname, flags, verify_result, |
| + cert, hostname, flags, crl_set, verify_result, |
| base::Bind(&SingleRequestCertVerifier::OnVerifyCompletion, |
| base::Unretained(this)), |
| &request, net_log); |
