| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/lock.h" | 9 #include "base/lock.h" |
| 10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
| (...skipping 830 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 841 next_state_ = STATE_HANDSHAKE_WRITE; | 841 next_state_ = STATE_HANDSHAKE_WRITE; |
| 842 return OK; | 842 return OK; |
| 843 } | 843 } |
| 844 | 844 |
| 845 // Set server_cert_status_ and return OK or a network error. | 845 // Set server_cert_status_ and return OK or a network error. |
| 846 int SSLClientSocketWin::DoVerifyCert() { | 846 int SSLClientSocketWin::DoVerifyCert() { |
| 847 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 847 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
| 848 | 848 |
| 849 DCHECK(server_cert_); | 849 DCHECK(server_cert_); |
| 850 | 850 |
| 851 return verifier_.Verify(server_cert_, hostname_, | 851 int flags = 0; |
| 852 ssl_config_.rev_checking_enabled, | 852 if (ssl_config_.rev_checking_enabled) |
| 853 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 854 if (ssl_config_.verify_ev_cert) |
| 855 flags |= X509Certificate::VERIFY_EV_CERT; |
| 856 return verifier_.Verify(server_cert_, hostname_, flags, |
| 853 &server_cert_verify_result_, &io_callback_); | 857 &server_cert_verify_result_, &io_callback_); |
| 854 } | 858 } |
| 855 | 859 |
| 856 int SSLClientSocketWin::DoVerifyCertComplete(int result) { | 860 int SSLClientSocketWin::DoVerifyCertComplete(int result) { |
| 857 // If we have been explicitly told to accept this certificate, override the | 861 // If we have been explicitly told to accept this certificate, override the |
| 858 // result of verifier_.Verify. | 862 // result of verifier_.Verify. |
| 859 // Eventually, we should cache the cert verification results so that we don't | 863 // Eventually, we should cache the cert verification results so that we don't |
| 860 // need to call verifier_.Verify repeatedly. But for now we need to do this. | 864 // need to call verifier_.Verify repeatedly. But for now we need to do this. |
| 861 // Alternatively, we might be able to store the cert's status along with | 865 // Alternatively, we might be able to store the cert's status along with |
| 862 // the cert in the allowed_bad_certs_ set. | 866 // the cert in the allowed_bad_certs_ set. |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1181 } | 1185 } |
| 1182 } | 1186 } |
| 1183 | 1187 |
| 1184 void SSLClientSocketWin::FreeSendBuffer() { | 1188 void SSLClientSocketWin::FreeSendBuffer() { |
| 1185 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1189 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1186 DCHECK(status == SEC_E_OK); | 1190 DCHECK(status == SEC_E_OK); |
| 1187 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1191 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1188 } | 1192 } |
| 1189 | 1193 |
| 1190 } // namespace net | 1194 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 125120:
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/