| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code GetDefaultCertNickname(), derived from | 5 // This file includes code GetDefaultCertNickname(), derived from |
| 6 // nsNSSCertificate::defaultServerNickName() | 6 // nsNSSCertificate::defaultServerNickName() |
| 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp | 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp |
| 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from | 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from |
| 9 // AuthCertificateCallback() in | 9 // AuthCertificateCallback() in |
| 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| (...skipping 698 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 709 } | 709 } |
| 710 } | 710 } |
| 711 | 711 |
| 712 LeaveFunction(""); | 712 LeaveFunction(""); |
| 713 return net_error; | 713 return net_error; |
| 714 } | 714 } |
| 715 | 715 |
| 716 int SSLClientSocketNSS::DoVerifyCert(int result) { | 716 int SSLClientSocketNSS::DoVerifyCert(int result) { |
| 717 DCHECK(server_cert_); | 717 DCHECK(server_cert_); |
| 718 GotoState(STATE_VERIFY_CERT_COMPLETE); | 718 GotoState(STATE_VERIFY_CERT_COMPLETE); |
| 719 return verifier_.Verify(server_cert_, hostname_, | 719 int flags = 0; |
| 720 ssl_config_.rev_checking_enabled, | 720 if (ssl_config_.rev_checking_enabled) |
| 721 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 722 if (ssl_config_.verify_ev_cert) |
| 723 flags |= X509Certificate::VERIFY_EV_CERT; |
| 724 return verifier_.Verify(server_cert_, hostname_, flags, |
| 721 &server_cert_verify_result_, &io_callback_); | 725 &server_cert_verify_result_, &io_callback_); |
| 722 } | 726 } |
| 723 | 727 |
| 724 // Derived from AuthCertificateCallback() in | 728 // Derived from AuthCertificateCallback() in |
| 725 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 729 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 726 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 730 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
| 727 if (result == OK) { | 731 if (result == OK) { |
| 728 // Remember the intermediate CA certs if the server sends them to us. | 732 // Remember the intermediate CA certs if the server sends them to us. |
| 729 CERTCertList* cert_list = CERT_GetCertChainFromCert( | 733 CERTCertList* cert_list = CERT_GetCertChainFromCert( |
| 730 server_cert_->os_cert_handle(), PR_Now(), certUsageSSLCA); | 734 server_cert_->os_cert_handle(), PR_Now(), certUsageSSLCA); |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 811 if (prerr == PR_WOULD_BLOCK_ERROR) { | 815 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 812 GotoState(STATE_PAYLOAD_WRITE); | 816 GotoState(STATE_PAYLOAD_WRITE); |
| 813 return ERR_IO_PENDING; | 817 return ERR_IO_PENDING; |
| 814 } | 818 } |
| 815 user_buf_ = NULL; | 819 user_buf_ = NULL; |
| 816 LeaveFunction(""); | 820 LeaveFunction(""); |
| 817 return NetErrorFromNSPRError(prerr); | 821 return NetErrorFromNSPRError(prerr); |
| 818 } | 822 } |
| 819 | 823 |
| 820 } // namespace net | 824 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 125120:
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/