OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 3083 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3094 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | 3094 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and |
3095 // http://crbug.com/15630 for more info. | 3095 // http://crbug.com/15630 for more info. |
3096 | 3096 |
3097 const CertStatus cert_status = server_cert_verify_result_.cert_status; | 3097 const CertStatus cert_status = server_cert_verify_result_.cert_status; |
3098 if (transport_security_state_ && | 3098 if (transport_security_state_ && |
3099 (result == OK || | 3099 (result == OK || |
3100 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 3100 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
3101 !transport_security_state_->CheckPublicKeyPins( | 3101 !transport_security_state_->CheckPublicKeyPins( |
3102 host_and_port_.host(), | 3102 host_and_port_.host(), |
3103 server_cert_verify_result_.is_issued_by_known_root, | 3103 server_cert_verify_result_.is_issued_by_known_root, |
3104 server_cert_verify_result_.public_key_hashes, | 3104 server_cert_verify_result_.public_key_hashes, host_and_port_.port(), |
| 3105 core_->state().server_cert, server_cert_verify_result_.verified_cert, |
| 3106 TransportSecurityState::SEND_PUBLIC_KEY_PIN_REPORT, |
3105 &pinning_failure_log_)) { | 3107 &pinning_failure_log_)) { |
3106 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 3108 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
3107 } | 3109 } |
3108 | 3110 |
3109 if (result == OK) { | 3111 if (result == OK) { |
3110 // Only check Certificate Transparency if there were no other errors with | 3112 // Only check Certificate Transparency if there were no other errors with |
3111 // the connection. | 3113 // the connection. |
3112 VerifyCT(); | 3114 VerifyCT(); |
3113 | 3115 |
3114 // Only cache the session if the certificate verified successfully. | 3116 // Only cache the session if the certificate verified successfully. |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3195 return channel_id_service_; | 3197 return channel_id_service_; |
3196 } | 3198 } |
3197 | 3199 |
3198 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3200 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3199 if (completed_handshake_) | 3201 if (completed_handshake_) |
3200 return SSL_FAILURE_NONE; | 3202 return SSL_FAILURE_NONE; |
3201 return SSL_FAILURE_UNKNOWN; | 3203 return SSL_FAILURE_UNKNOWN; |
3202 } | 3204 } |
3203 | 3205 |
3204 } // namespace net | 3206 } // namespace net |
OLD | NEW |