
Side by Side Diff: chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc

Issue 1081913003: Route OCSP stapling through CertVerifier. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss
Patch Set: yet another CrOS-only Verify call Created 5 years, 8 months ago
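--- a/chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc
+++ b/chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
 
 #include "net/cert/test_root_certs.h"
 #include "net/cert/x509_certificate.h"
 
 // NSS doesn't currently define CERT_LIST_TAIL.
@@ -33,38 +33,35 @@
 // trust settings are stored.
 profile_filter_.Init(
 public_slot.Pass(), crypto::ScopedPK11Slot(), crypto::ScopedPK11Slot());
 }
 
 CertVerifyProcChromeOS::~CertVerifyProcChromeOS() {}
 
 int CertVerifyProcChromeOS::VerifyInternal(
 net::X509Certificate* cert,
 const std::string& hostname,
+const std::string& ocsp_response,
 int flags,
 net::CRLSet* crl_set,
 const net::CertificateList& additional_trust_anchors,
 net::CertVerifyResult* verify_result) {
 ChainVerifyArgs chain_verify_args = {this, additional_trust_anchors};
 
 CERTChainVerifyCallback chain_verify_callback;
 chain_verify_callback.isChainValid =
 &CertVerifyProcChromeOS::IsChainValidFunc;
 chain_verify_callback.isChainValidArg =
 static_cast<void*>(&chain_verify_args);
 
-return VerifyInternalImpl(cert,
-hostname,
-flags,
-crl_set,
-additional_trust_anchors,
-&chain_verify_callback,
+return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set,
+additional_trust_anchors, &chain_verify_callback,
 verify_result);
 }
 
 // static
 SECStatus CertVerifyProcChromeOS::IsChainValidFunc(
 void* is_chain_valid_arg,
 const CERTCertList* current_chain,
 PRBool* chain_ok) {
 ChainVerifyArgs* args = static_cast<ChainVerifyArgs*>(is_chain_valid_arg);
 CERTCertificate* cert = CERT_LIST_TAIL(current_chain)->cert;
@@ -97,10 +94,10 @@
 // properly when the same cert is in multiple slots, this would also need
 // updating to check the per-slot trust values.
 *chain_ok = args->cert_verify_proc->profile_filter_.IsCertAllowed(cert)
 ? PR_TRUE
 : PR_FALSE;
 DVLOG(3) << cert->subjectName << " is " << (*chain_ok ? "ok" : "not ok");
 return SECSuccess;
 }
 
 } // namespace chromeos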
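Review bot: The new `ocsp_response` parameter of `CertVerifyProcChromeOS::VerifyInternal` is forwarded to `VerifyInternalImpl` with no comment stating what it carries or what an empty string means. Going by the issue title it is presumably the OCSP response stapled by the TLS peer, which makes it peer-controlled bytes; a one-line comment at the override such as `// |ocsp_response| is the raw stapled OCSP response from the peer (untrusted); empty if none was stapled.` would make that contract explicit, assuming the base-class declaration (not visible here) agrees. The parameter also sits directly after `hostname` with the identical type `const std::string&`, so a call site that passes the two in the wrong order compiles without a diagnostic; it is worth checking the other `Verify` callers touched by this patch set for argument order.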