net/quic/crypto/proof_verifier_chromium.cc - Issue 1287023003: Add a info flag set when certs fails to conform to the CT policy.

Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1287023003: Add a info flag set when certs fails to conform to the CT policy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix typo Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/quic/crypto/proof_verifier_chromium.h"	5 #include "net/quic/crypto/proof_verifier_chromium.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/bind_helpers.h"	8 #include "base/bind_helpers.h"

9 #include "base/callback_helpers.h"	9 #include "base/callback_helpers.h"

10 #include "base/compiler_specific.h"	10 #include "base/compiler_specific.h"

(...skipping 241 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
252 const CertStatus cert_status = cert_verify_result.cert_status;	252 const CertStatus cert_status = cert_verify_result.cert_status;

253 if (result == OK && policy_enforcer_ &&	253 if (result == OK && policy_enforcer_ &&

254 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) {	254 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) {

255 // QUIC does not support OCSP stapling or the CT TLS extension; as a	255 // QUIC does not support OCSP stapling or the CT TLS extension; as a

256 // result, CT can never be verified, thus the result is always empty.	256 // result, CT can never be verified, thus the result is always empty.

257 ct::CTVerifyResult empty_ct_result;	257 ct::CTVerifyResult empty_ct_result;

258 if (!policy_enforcer_->DoesConformToCTEVPolicy(	258 if (!policy_enforcer_->DoesConformToCTEVPolicy(

259 cert_verify_result.verified_cert.get(),	259 cert_verify_result.verified_cert.get(),

260 SSLConfigService::GetEVCertsWhitelist().get(), empty_ct_result,	260 SSLConfigService::GetEVCertsWhitelist().get(), empty_ct_result,

261 net_log_)) {	261 net_log_)) {

	262 verify_details_->cert_verify_result.cert_status \|=

	263 CERT_STATUS_CT_COMPLIANCE_FAILED;

262 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;	264 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;

263 }	265 }

264 }	266 }

265	267

266 // TODO(estark): replace 0 below with the port of the connection.	268 // TODO(estark): replace 0 below with the port of the connection.

267 if (transport_security_state_ &&	269 if (transport_security_state_ &&

268 (result == OK \|\|	270 (result == OK \|\|

269 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&	271 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&

270 !transport_security_state_->CheckPublicKeyPins(	272 !transport_security_state_->CheckPublicKeyPins(

271 HostPortPair(hostname_, 0),	273 HostPortPair(hostname_, 0),

(...skipping 136 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
408 }	410 }

409 return status;	411 return status;

410 }	412 }

411	413

412 void ProofVerifierChromium::OnJobComplete(Job* job) {	414 void ProofVerifierChromium::OnJobComplete(Job* job) {

413 active_jobs_.erase(job);	415 active_jobs_.erase(job);

414 delete job;	416 delete job;

415 }	417 }

416	418

417 } // namespace net	419 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/cert_status_flags_list.h ('k') | net/quic/crypto/proof_verifier_chromium_test.cc » ('j') | no next file with comments »