net/socket/ssl_client_socket_nss.cc - Issue 1103603003: Gracefully handle NULL CertVerifiers in SSLClientSocket.

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1103603003: Gracefully handle NULL CertVerifiers in SSLClientSocket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived	5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived

6 // from AuthCertificateCallback() in	6 // from AuthCertificateCallback() in

7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.	7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.

8	8

9 /* *** BEGIN LICENSE BLOCK ***	9 /* *** BEGIN LICENSE BLOCK ***

10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

(...skipping 3073 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3084 }	3084 }

3085	3085

3086 // We may have failed to create X509Certificate object if we are	3086 // We may have failed to create X509Certificate object if we are

3087 // running inside sandbox.	3087 // running inside sandbox.

3088 if (!core_->state().server_cert.get()) {	3088 if (!core_->state().server_cert.get()) {

3089 server_cert_verify_result_.Reset();	3089 server_cert_verify_result_.Reset();

3090 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;	3090 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;

3091 return ERR_CERT_INVALID;	3091 return ERR_CERT_INVALID;

3092 }	3092 }

3093	3093

	3094 if (!cert_verifier_) {

	3095 // Without a CertVerifier, all certificates are invalid.

	3096 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;

	3097 return ERR_CERT_INVALID;

	3098 }

	3099

3094 start_cert_verification_time_ = base::TimeTicks::Now();	3100 start_cert_verification_time_ = base::TimeTicks::Now();

3095	3101

3096 int flags = 0;	3102 int flags = 0;

3097 if (ssl_config_.rev_checking_enabled)	3103 if (ssl_config_.rev_checking_enabled)

3098 flags \|= CertVerifier::VERIFY_REV_CHECKING_ENABLED;	3104 flags \|= CertVerifier::VERIFY_REV_CHECKING_ENABLED;

3099 if (ssl_config_.verify_ev_cert)	3105 if (ssl_config_.verify_ev_cert)

3100 flags \|= CertVerifier::VERIFY_EV_CERT;	3106 flags \|= CertVerifier::VERIFY_EV_CERT;

3101 if (ssl_config_.cert_io_enabled)	3107 if (ssl_config_.cert_io_enabled)

3102 flags \|= CertVerifier::VERIFY_CERT_IO_ENABLED;	3108 flags \|= CertVerifier::VERIFY_CERT_IO_ENABLED;

3103 if (ssl_config_.rev_checking_required_local_anchors)	3109 if (ssl_config_.rev_checking_required_local_anchors)

(...skipping 134 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3238 scoped_refptr<X509Certificate>	3244 scoped_refptr<X509Certificate>

3239 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {	3245 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {

3240 return core_->state().server_cert.get();	3246 return core_->state().server_cert.get();

3241 }	3247 }

3242	3248

3243 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {	3249 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {

3244 return channel_id_service_;	3250 return channel_id_service_;

3245 }	3251 }

3246	3252

3247 } // namespace net	3253 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »