
Side by Side Diff: net/cert/cert_verify_proc.cc

Issue 1081913003: Route OCSP stapling through CertVerifier. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss
Patch Set: yet another CrOS-only Verify call Created 5 years, 7 months ago
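--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <stdint.h>
 
 #include "base/basictypes.h"
 #include "base/metrics/histogram.h"
@@ -183,40 +183,41 @@
 return NULL;
 #endif
 }
 
 CertVerifyProc::CertVerifyProc() {}
 
 CertVerifyProc::~CertVerifyProc() {}
 
 int CertVerifyProc::Verify(X509Certificate* cert,
 const std::string& hostname,
+const std::string& ocsp_response,
 int flags,
 CRLSet* crl_set,
 const CertificateList& additional_trust_anchors,
 CertVerifyResult* verify_result) {
 verify_result->Reset();
 verify_result->verified_cert = cert;
 
 if (IsBlacklisted(cert)) {
 verify_result->cert_status |= CERT_STATUS_REVOKED;
 return ERR_CERT_REVOKED;
 }
 
 // We do online revocation checking for EV certificates that aren't covered
 // by a fresh CRLSet.
 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
 // disable revocation checking.
 if (flags & CertVerifier::VERIFY_EV_CERT)
 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
 
-int rv = VerifyInternal(cert, hostname, flags, crl_set,
+int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set,
 additional_trust_anchors, verify_result);
 
 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
 verify_result->common_name_fallback_used);
 if (!verify_result->is_issued_by_known_root) {
 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
 verify_result->common_name_fallback_used);
 }
 
 // This check is done after VerifyInternal so that VerifyInternal can fill
@@ -670,10 +671,10 @@
 return true;
 
 // For certificates issued after 1 April 2015: 39 months.
 if (start >= time_2015_04_01 && month_diff > 39)
 return true;
 
 return false;
 }
 
 } // namespace net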
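Review bot: The new `ocsp_response` argument (new line 193) is handed straight to `VerifyInternal` (new line 213) with no comment on where it comes from or how far it can be trusted. Judging by the issue title it is the OCSP response stapled by the TLS peer, so it should be treated as attacker-controllable bytes. I would add a comment above the call, e.g. `// |ocsp_response| is the raw stapled response from the peer (empty if none); it is untrusted and must be fully validated by the platform verifier.` The platform `VerifyInternal` implementations are outside this file section, so it cannot be confirmed here that each one tolerates an empty or malformed response and rejects a staple that does not match `cert`; that is worth checking per platform. The `IsBlacklisted` early return runs before the staple is consulted, and that ordering should be kept so a stapled "good" status can never override the blacklist.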