OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 1204 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1215 if (sct_list_len > 0) | 1215 if (sct_list_len > 0) |
1216 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); | 1216 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); |
1217 | 1217 |
1218 // Note that this is a completely synchronous operation: The CT Log Verifier | 1218 // Note that this is a completely synchronous operation: The CT Log Verifier |
1219 // gets all the data it needs for SCT verification and does not do any | 1219 // gets all the data it needs for SCT verification and does not do any |
1220 // external communication. | 1220 // external communication. |
1221 cert_transparency_verifier_->Verify( | 1221 cert_transparency_verifier_->Verify( |
1222 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, | 1222 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, |
1223 &ct_verify_result_, net_log_); | 1223 &ct_verify_result_, net_log_); |
1224 | 1224 |
1225 if (!policy_enforcer_) { | 1225 if (policy_enforcer_) { |
1226 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | |
1227 } else { | |
1228 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { | 1226 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
Ryan Sleevi
2015/06/26 14:16:17
Ditto consolidation
| |
1229 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 1227 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
1230 SSLConfigService::GetEVCertsWhitelist(); | 1228 SSLConfigService::GetEVCertsWhitelist(); |
1231 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 1229 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
1232 server_cert_verify_result_.verified_cert.get(), | 1230 server_cert_verify_result_.verified_cert.get(), |
1233 ev_whitelist.get(), ct_verify_result_, net_log_)) { | 1231 ev_whitelist.get(), ct_verify_result_, net_log_)) { |
1234 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 1232 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
1235 VLOG(1) << "EV certificate for " | 1233 VLOG(1) << "EV certificate for " |
1236 << server_cert_verify_result_.verified_cert->subject() | 1234 << server_cert_verify_result_.verified_cert->subject() |
1237 .GetDisplayName() | 1235 .GetDisplayName() |
1238 << " does not conform to CT policy, removing EV status."; | 1236 << " does not conform to CT policy, removing EV status."; |
(...skipping 682 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1921 | 1919 |
1922 NextProto next_proto = NextProtoFromString(npn_proto_); | 1920 NextProto next_proto = NextProtoFromString(npn_proto_); |
1923 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { | 1921 for (NextProto allowed : ssl_config_.renego_allowed_for_protos) { |
1924 if (next_proto == allowed) | 1922 if (next_proto == allowed) |
1925 return true; | 1923 return true; |
1926 } | 1924 } |
1927 return false; | 1925 return false; |
1928 } | 1926 } |
1929 | 1927 |
1930 } // namespace net | 1928 } // namespace net |
OLD | NEW |