OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
252 const CertStatus cert_status = cert_verify_result.cert_status; | 252 const CertStatus cert_status = cert_verify_result.cert_status; |
253 if (result == OK && policy_enforcer_ && | 253 if (result == OK && policy_enforcer_ && |
254 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { | 254 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { |
255 // QUIC does not support OCSP stapling or the CT TLS extension; as a | 255 // QUIC does not support OCSP stapling or the CT TLS extension; as a |
256 // result, CT can never be verified, thus the result is always empty. | 256 // result, CT can never be verified, thus the result is always empty. |
257 ct::CTVerifyResult empty_ct_result; | 257 ct::CTVerifyResult empty_ct_result; |
258 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 258 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
259 cert_verify_result.verified_cert.get(), | 259 cert_verify_result.verified_cert.get(), |
260 SSLConfigService::GetEVCertsWhitelist().get(), empty_ct_result, | 260 SSLConfigService::GetEVCertsWhitelist().get(), empty_ct_result, |
261 net_log_)) { | 261 net_log_)) { |
| 262 verify_details_->cert_verify_result.cert_status |= |
| 263 CERT_STATUS_CT_COMPLIANCE_FAILED; |
262 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; | 264 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |
263 } | 265 } |
264 } | 266 } |
265 | 267 |
266 // TODO(estark): replace 0 below with the port of the connection. | 268 // TODO(estark): replace 0 below with the port of the connection. |
267 if (transport_security_state_ && | 269 if (transport_security_state_ && |
268 (result == OK || | 270 (result == OK || |
269 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 271 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
270 !transport_security_state_->CheckPublicKeyPins( | 272 !transport_security_state_->CheckPublicKeyPins( |
271 HostPortPair(hostname_, 0), | 273 HostPortPair(hostname_, 0), |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
408 } | 410 } |
409 return status; | 411 return status; |
410 } | 412 } |
411 | 413 |
412 void ProofVerifierChromium::OnJobComplete(Job* job) { | 414 void ProofVerifierChromium::OnJobComplete(Job* job) { |
413 active_jobs_.erase(job); | 415 active_jobs_.erase(job); |
414 delete job; | 416 delete job; |
415 } | 417 } |
416 | 418 |
417 } // namespace net | 419 } // namespace net |
OLD | NEW |