net/cert/cert_verify_proc_openssl.cc - Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

Side by Side Diff: net/cert/cert_verify_proc_openssl.cc

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: update ProfileIOData comment Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_openssl.h"	5 #include "net/cert/cert_verify_proc_openssl.h"

6	6

7 #include <openssl/x509v3.h>	7 #include <openssl/x509v3.h>

8	8

9 #include <string>	9 #include <string>

10 #include <vector>	10 #include <vector>

(...skipping 122 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
133 // certificate is issued by a known root using OpenSSL is to examine	133 // certificate is issued by a known root using OpenSSL is to examine

134 // distro-and-release specific hardcoded lists.	134 // distro-and-release specific hardcoded lists.

135 verify_result->is_issued_by_known_root = true;	135 verify_result->is_issued_by_known_root = true;

136 if (TestRootCerts::HasInstance()) {	136 if (TestRootCerts::HasInstance()) {

137 X509* root = NULL;	137 X509* root = NULL;

138 if (verified_chain.empty()) {	138 if (verified_chain.empty()) {

139 root = verified_cert;	139 root = verified_cert;

140 } else {	140 } else {

141 root = verified_chain.back();	141 root = verified_chain.back();

142 }	142 }

143 const CertificateList& temporary_roots =	143 TestRootCerts* root_certs = TestRootCerts::GetInstance();

144 TestRootCerts::GetInstance()->temporary_roots();	144 if (root_certs->Contains(root))

145 for (size_t i = 0; i < temporary_roots.size(); ++i) {

146 if (X509Certificate::IsSameOSCert(

147 root, temporary_roots[i]->os_cert_handle())) {

148 verify_result->is_issued_by_known_root = false;	145 verify_result->is_issued_by_known_root = false;

149 break;

150 }

151 }

152 }	146 }

153 }	147 }

154 }	148 }

155	149

156 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,	150 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,

157 HashValueVector* hashes) {	151 HashValueVector* hashes) {

158 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);	152 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);

159 for (int i = 0; i < sk_X509_num(chain); ++i) {	153 for (int i = 0; i < sk_X509_num(chain); ++i) {

160 X509* cert = sk_X509_value(chain, i);	154 X509* cert = sk_X509_value(chain, i);

161	155

(...skipping 75 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
237	231

238 GetCertChainInfo(ctx.get(), verify_result);	232 GetCertChainInfo(ctx.get(), verify_result);

239 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);	233 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);

240 if (IsCertStatusError(verify_result->cert_status))	234 if (IsCertStatusError(verify_result->cert_status))

241 return MapCertStatusToNetError(verify_result->cert_status);	235 return MapCertStatusToNetError(verify_result->cert_status);

242	236

243 return OK;	237 return OK;

244 }	238 }

245	239

246 } // namespace net	240 } // namespace net

OLD	NEW

« chrome/browser/profiles/profile_io_data.cc ('K') | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/nss_profile_filter_chromeos.h » ('j') | no next file with comments »