
Side by Side Diff: net/cert/cert_verify_proc_win.cc

Issue 1081913003: Route OCSP stapling through CertVerifier. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss
Patch Set: Created 5 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_win.h" 5 #include "net/cert/cert_verify_proc_win.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/memory/scoped_ptr.h" 10 #include "base/memory/scoped_ptr.h"
(...skipping 541 matching lines...)
552 } // namespace 552 } // namespace
553 553
554 CertVerifyProcWin::CertVerifyProcWin() {} 554 CertVerifyProcWin::CertVerifyProcWin() {}
555 555
556 CertVerifyProcWin::~CertVerifyProcWin() {} 556 CertVerifyProcWin::~CertVerifyProcWin() {}
557 557
558 bool CertVerifyProcWin::SupportsAdditionalTrustAnchors() const { 558 bool CertVerifyProcWin::SupportsAdditionalTrustAnchors() const {
559 return false; 559 return false;
560 } 560 }
561 561
562 bool CertVerifyProcWin::SupportsOCSPStapling() const {
563 // CERT_OCSP_RESPONSE_PROP_ID is only implemented on Vista+, but it can be
564 // set on Windows XP without error. There is some overhead from the server
565 // sending the OCSP response if it supports the extension, for the subset of
566 // XP clients who will request it but be unable to use it, but this is an
567 // acceptable trade-off for simplicity of implementation.
568 return true;
569 }
570
562 int CertVerifyProcWin::VerifyInternal( 571 int CertVerifyProcWin::VerifyInternal(
563 X509Certificate* cert, 572 X509Certificate* cert,
564 const std::string& hostname, 573 const std::string& hostname,
574 const std::string& ocsp_response,
565 int flags, 575 int flags,
566 CRLSet* crl_set, 576 CRLSet* crl_set,
567 const CertificateList& additional_trust_anchors, 577 const CertificateList& additional_trust_anchors,
568 CertVerifyResult* verify_result) { 578 CertVerifyResult* verify_result) {
569 PCCERT_CONTEXT cert_handle = cert->os_cert_handle(); 579 PCCERT_CONTEXT cert_handle = cert->os_cert_handle();
570 if (!cert_handle) 580 if (!cert_handle)
571 return ERR_UNEXPECTED; 581 return ERR_UNEXPECTED;
572 582
583 // Attach the OCSP response to the certificate.
584 if (!ocsp_response.empty()) {
585 CRYPT_DATA_BLOB ocsp_response_blob;
586 ocsp_response_blob.cbData = ocsp_response.size();
587 ocsp_response_blob.pbData =
588 reinterpret_cast<BYTE*>(const_cast<char*>(ocsp_response.data()));
589 BOOL ok = CertSetCertificateContextProperty(
590 cert_handle, CERT_OCSP_RESPONSE_PROP_ID,
591 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, &ocsp_response_blob);
592 if (!ok) {
593 VLOG(1) << "Failed to set OCSP response property: " << GetLastError();
594 }
595 }
Ryan Sleevi 2015/04/22 22:53:37 Move this down to line 659 and your problems go aw
davidben 2015/04/23 01:02:32 Done.
596
573 // Build and validate certificate chain. 597 // Build and validate certificate chain.
574 CERT_CHAIN_PARA chain_para; 598 CERT_CHAIN_PARA chain_para;
575 memset(&chain_para, 0, sizeof(chain_para)); 599 memset(&chain_para, 0, sizeof(chain_para));
576 chain_para.cbSize = sizeof(chain_para); 600 chain_para.cbSize = sizeof(chain_para);
577 // ExtendedKeyUsage. 601 // ExtendedKeyUsage.
578 // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE 602 // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE
579 // today because some certificate chains need them. IE also requests these 603 // today because some certificate chains need them. IE also requests these
580 // two usages. 604 // two usages.
581 static const LPCSTR usage[] = { 605 static const LPCSTR usage[] = {
582 szOID_PKIX_KP_SERVER_AUTH, 606 szOID_PKIX_KP_SERVER_AUTH,
(...skipping 220 matching lines...)
803 return MapCertStatusToNetError(verify_result->cert_status); 827 return MapCertStatusToNetError(verify_result->cert_status);
804 828
805 if (ev_policy_oid && 829 if (ev_policy_oid &&
806 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { 830 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
807 verify_result->cert_status |= CERT_STATUS_IS_EV; 831 verify_result->cert_status |= CERT_STATUS_IS_EV;
808 } 832 }
809 return OK; 833 return OK;
810 } 834 }
811 835
812 } // namespace net 836 } // namespace net
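Review bot: `ocsp_response_blob.cbData = ocsp_response.size();` (new line 586) implicitly narrows a size_t to the 32-bit DWORD field, so on 64-bit builds an oversized server-supplied response would be attached with a truncated length instead of being rejected; an explicit `ocsp_response_blob.cbData = base::checked_cast<DWORD>(ocsp_response.size());` (if base/numerics is in scope here, otherwise a size check that skips the property) makes the bound visible and fails loudly. The VLOG-only branch on lines 592–594 means a failed CertSetCertificateContextProperty proceeds as though no stapled response had been supplied, which is presumably the intended fallback but should be stated, e.g. `// On failure, continue: the chain is built without the stapled response.`. The `const_cast` on line 588 also deserves a one-line justification that the API copies the blob rather than retaining the pointer (I believe it does; confirm against the CryptoAPI docs before relying on it). VerifyInternal continues through the collapsed 220 lines, so the remainder of the function is outside this view.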