net/socket/ssl_client_socket_openssl.cc - Issue 1287023003: Add a info flag set when certs fails to conform to the CT policy.

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1287023003: Add a info flag set when certs fails to conform to the CT policy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix typo Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // OpenSSL binding for SSLClientSocket. The class layout and general principle	5 // OpenSSL binding for SSLClientSocket. The class layout and general principle

6 // of operation is derived from SSLClientSocketNSS.	6 // of operation is derived from SSLClientSocketNSS.

7	7

8 #include "net/socket/ssl_client_socket_openssl.h"	8 #include "net/socket/ssl_client_socket_openssl.h"

9	9

10 #include <errno.h>	10 #include <errno.h>

(...skipping 1321 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1332 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =	1332 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =

1333 SSLConfigService::GetEVCertsWhitelist();	1333 SSLConfigService::GetEVCertsWhitelist();

1334 if (!policy_enforcer_->DoesConformToCTEVPolicy(	1334 if (!policy_enforcer_->DoesConformToCTEVPolicy(

1335 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(),	1335 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(),

1336 ct_verify_result_, net_log_)) {	1336 ct_verify_result_, net_log_)) {

1337 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766	1337 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766

1338 VLOG(1) << "EV certificate for "	1338 VLOG(1) << "EV certificate for "

1339 << server_cert_verify_result_.verified_cert->subject()	1339 << server_cert_verify_result_.verified_cert->subject()

1340 .GetDisplayName()	1340 .GetDisplayName()

1341 << " does not conform to CT policy, removing EV status.";	1341 << " does not conform to CT policy, removing EV status.";

	1342 server_cert_verify_result_.cert_status \|=

	1343 CERT_STATUS_CT_COMPLIANCE_FAILED;

1342 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;	1344 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;

1343 }	1345 }

1344 }	1346 }

1345 }	1347 }

1346	1348

1347 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {	1349 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {

1348 int rv = DoHandshakeLoop(result);	1350 int rv = DoHandshakeLoop(result);

1349 if (rv != ERR_IO_PENDING) {	1351 if (rv != ERR_IO_PENDING) {

1350 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);	1352 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);

1351 DoConnectCallback(rv);	1353 DoConnectCallback(rv);

(...skipping 789 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2141 OnHandshakeIOComplete(signature_result_);	2143 OnHandshakeIOComplete(signature_result_);

2142 return;	2144 return;

2143 }	2145 }

2144	2146

2145 // During a renegotiation, either Read or Write calls may be blocked on an	2147 // During a renegotiation, either Read or Write calls may be blocked on an

2146 // asynchronous private key operation.	2148 // asynchronous private key operation.

2147 PumpReadWriteEvents();	2149 PumpReadWriteEvents();

2148 }	2150 }

2149	2151

2150 } // namespace net	2152 } // namespace net

OLD	NEW

« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »