| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 1061 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1072 | 1072 |
| 1073 // When running in a sandbox, it may not be possible to create an | 1073 // When running in a sandbox, it may not be possible to create an |
| 1074 // X509Certificate*, as that may depend on OS functionality blocked | 1074 // X509Certificate*, as that may depend on OS functionality blocked |
| 1075 // in the sandbox. | 1075 // in the sandbox. |
| 1076 if (!server_cert_.get()) { | 1076 if (!server_cert_.get()) { |
| 1077 server_cert_verify_result_.Reset(); | 1077 server_cert_verify_result_.Reset(); |
| 1078 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | 1078 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; |
| 1079 return ERR_CERT_INVALID; | 1079 return ERR_CERT_INVALID; |
| 1080 } | 1080 } |
| 1081 | 1081 |
| 1082 if (!cert_verifier_) { |
| 1083 // Without a CertVerifier, all certificates are invalid. |
| 1084 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; |
| 1085 return ERR_CERT_INVALID; |
| 1086 } |
| 1087 |
| 1082 start_cert_verification_time_ = base::TimeTicks::Now(); | 1088 start_cert_verification_time_ = base::TimeTicks::Now(); |
| 1083 | 1089 |
| 1084 int flags = 0; | 1090 int flags = 0; |
| 1085 if (ssl_config_.rev_checking_enabled) | 1091 if (ssl_config_.rev_checking_enabled) |
| 1086 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 1092 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 1087 if (ssl_config_.verify_ev_cert) | 1093 if (ssl_config_.verify_ev_cert) |
| 1088 flags |= CertVerifier::VERIFY_EV_CERT; | 1094 flags |= CertVerifier::VERIFY_EV_CERT; |
| 1089 if (ssl_config_.cert_io_enabled) | 1095 if (ssl_config_.cert_io_enabled) |
| 1090 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 1096 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 1091 if (ssl_config_.rev_checking_required_local_anchors) | 1097 if (ssl_config_.rev_checking_required_local_anchors) |
| (...skipping 826 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1918 | 1924 |
| 1919 return result; | 1925 return result; |
| 1920 } | 1926 } |
| 1921 | 1927 |
| 1922 scoped_refptr<X509Certificate> | 1928 scoped_refptr<X509Certificate> |
| 1923 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1929 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1924 return server_cert_; | 1930 return server_cert_; |
| 1925 } | 1931 } |
| 1926 | 1932 |
| 1927 } // namespace net | 1933 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1103603003:
Gracefully handle NULL CertVerifiers in SSLClientSocket. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss