net/base/cert_verify_proc_android.cc - Issue 11570019: Fix a glitch in disentanglement of CertVerifyProc(OpenSSL/Android)

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/base/cert_verify_proc_android.cc

Issue 11570019: Fix a glitch in disentanglement of CertVerifyProc(OpenSSL/Android) (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_verify_proc_android.h"	5 #include "net/base/cert_verify_proc_android.h"

6	6

7 #include <string>	7 #include <string>

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 70 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
81 std::vector<std::string> cert_bytes;	81 std::vector<std::string> cert_bytes;

82 if (!GetChainDEREncodedBytes(cert, &cert_bytes))	82 if (!GetChainDEREncodedBytes(cert, &cert_bytes))

83 return ERR_CERT_INVALID;	83 return ERR_CERT_INVALID;

84 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) {	84 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) {

85 NOTREACHED();	85 NOTREACHED();

86 return ERR_FAILED;	86 return ERR_FAILED;

87 }	87 }

88 if (IsCertStatusError(verify_result->cert_status))	88 if (IsCertStatusError(verify_result->cert_status))

89 return MapCertStatusToNetError(verify_result->cert_status);	89 return MapCertStatusToNetError(verify_result->cert_status);

90	90

	91 // Android call does not provide information if the trust root at the end of

	92 // the constructed chain was standard or user-added CA, so we mark all

	93 // correctly verified certificates as issued by a known root.

	94 verify_result->is_issued_by_known_root = true;
	Ryan Sleevi 2012/12/14 18:22:07 blaaarghh This will need to be a system API featu blaaarghh This will need to be a system API feature request, otherwise getting the verified hashes back won't help much for pinning. ppi 2012/12/14 20:27:35 I edited the comment to mention the need of such s Show quoted text On 2012/12/14 18:22:07, Ryan Sleevi wrote: > blaaarghh > > This will need to be a system API feature request, otherwise getting the > verified hashes back won't help much for pinning. I edited the comment to mention the need of such support. joth 2012/12/14 20:30:01 A solution was discussed in b/5826113 (linked from Show quoted text On 2012/12/14 20:27:35, ppi wrote: > On 2012/12/14 18:22:07, Ryan Sleevi wrote: > > blaaarghh > > > > This will need to be a system API feature request, otherwise getting the > > verified hashes back won't help much for pinning. > > I edited the comment to mention the need of such support. A solution was discussed in b/5826113 (linked from the bug you reference below)
	95

	96 // TODO(ppi): Implement missing functionality of certificate verification:

	97 // providing the constructed trust chain (along with public key hashes of its

	98 // certificates). See also: crbug.com/116838
	Ryan Sleevi 2012/12/14 18:22:07 nit: http://-ify the link nit: http://-ify the link ppi 2012/12/14 20:27:35 Thanks, fixed. Show quoted text On 2012/12/14 18:22:07, Ryan Sleevi wrote: > nit: http://-ify the link Thanks, fixed.
91 return OK;	99 return OK;

92 }	100 }

93	101

94 } // namespace net	102 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »