| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3133 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 3133 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 3134 SSLConfigService::GetEVCertsWhitelist(); | 3134 SSLConfigService::GetEVCertsWhitelist(); |
| 3135 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 3135 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
| 3136 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), | 3136 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
| 3137 ct_verify_result_, net_log_)) { | 3137 ct_verify_result_, net_log_)) { |
| 3138 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 3138 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
| 3139 VLOG(1) << "EV certificate for " | 3139 VLOG(1) << "EV certificate for " |
| 3140 << server_cert_verify_result_.verified_cert->subject() | 3140 << server_cert_verify_result_.verified_cert->subject() |
| 3141 .GetDisplayName() | 3141 .GetDisplayName() |
| 3142 << " does not conform to CT policy, removing EV status."; | 3142 << " does not conform to CT policy, removing EV status."; |
| 3143 server_cert_verify_result_.cert_status |= |
| 3144 CERT_STATUS_CT_COMPLIANCE_FAILED; |
| 3143 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 3145 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 3144 } | 3146 } |
| 3145 } | 3147 } |
| 3146 } | 3148 } |
| 3147 | 3149 |
| 3148 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { | 3150 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { |
| 3149 base::AutoLock auto_lock(lock_); | 3151 base::AutoLock auto_lock(lock_); |
| 3150 if (valid_thread_id_ != base::kInvalidThreadId) | 3152 if (valid_thread_id_ != base::kInvalidThreadId) |
| 3151 return; | 3153 return; |
| 3152 valid_thread_id_ = base::PlatformThread::CurrentId(); | 3154 valid_thread_id_ = base::PlatformThread::CurrentId(); |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3184 return channel_id_service_; | 3186 return channel_id_service_; |
| 3185 } | 3187 } |
| 3186 | 3188 |
| 3187 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3189 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
| 3188 if (completed_handshake_) | 3190 if (completed_handshake_) |
| 3189 return SSL_FAILURE_NONE; | 3191 return SSL_FAILURE_NONE; |
| 3190 return SSL_FAILURE_UNKNOWN; | 3192 return SSL_FAILURE_UNKNOWN; |
| 3191 } | 3193 } |
| 3192 | 3194 |
| 3193 } // namespace net | 3195 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1287023003:
Add a info flag set when certs fails to conform to the CT policy. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master