net/base/x509_certificate_nss.cc - Issue 125120: Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify()....

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_nss.cc

Issue 125120: Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: '' Created 11 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/base/x509_certificate_nss.cc

===================================================================

--- net/base/x509_certificate_nss.cc (revision 19005)

+++ net/base/x509_certificate_nss.cc (working copy)

@@ -371,7 +371,7 @@

// The problem is that we get segfault when unit tests is going to terminate

// if PR_Cleanup is called in NSSInitSingleton destructor.

int X509Certificate::Verify(const std::string& hostname,

- bool rev_checking_enabled,

+ int flags,

CertVerifyResult* verify_result) const {

verify_result->Reset();

@@ -391,6 +391,9 @@

// OCSP mode would fail with SEC_ERROR_UNKNOWN_ISSUER.

// We need to set up OCSP and install an HTTP client for NSS.

bool use_ocsp = false;

+ // EV requires revocation checking.

+ if (!(flags & VERIFY_REV_CHECKING_ENABLED))

+ flags &= ~VERIFY_EV_CERT;

// TODO(wtc): Use CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE and

// CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE for EV certificate

@@ -477,11 +480,13 @@

verify_result);

if (IsCertStatusError(verify_result->cert_status))

return MapCertStatusToNetError(verify_result->cert_status);

+ if ((flags & VERIFY_EV_CERT) && VerifyEV())

+ verify_result->cert_status |= CERT_STATUS_IS_EV;

return OK;

}

// TODO(port): Implement properly on Linux.

-bool X509Certificate::IsEV(int status) const {

+bool X509Certificate::VerifyEV() const {

NOTIMPLEMENTED();

return false;

}

« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | no next file with comments »