| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 133 // certificate is issued by a known root using OpenSSL is to examine | 133 // certificate is issued by a known root using OpenSSL is to examine |
| 134 // distro-and-release specific hardcoded lists. | 134 // distro-and-release specific hardcoded lists. |
| 135 verify_result->is_issued_by_known_root = true; | 135 verify_result->is_issued_by_known_root = true; |
| 136 if (TestRootCerts::HasInstance()) { | 136 if (TestRootCerts::HasInstance()) { |
| 137 X509* root = NULL; | 137 X509* root = NULL; |
| 138 if (verified_chain.empty()) { | 138 if (verified_chain.empty()) { |
| 139 root = verified_cert; | 139 root = verified_cert; |
| 140 } else { | 140 } else { |
| 141 root = verified_chain.back(); | 141 root = verified_chain.back(); |
| 142 } | 142 } |
| 143 const CertificateList& temporary_roots = | 143 TestRootCerts* root_certs = TestRootCerts::GetInstance(); |
| 144 TestRootCerts::GetInstance()->temporary_roots(); | 144 if (root_certs->Contains(root)) |
| 145 for (size_t i = 0; i < temporary_roots.size(); ++i) { | |
| 146 if (X509Certificate::IsSameOSCert( | |
| 147 root, temporary_roots[i]->os_cert_handle())) { | |
| 148 verify_result->is_issued_by_known_root = false; | 145 verify_result->is_issued_by_known_root = false; |
| 149 break; | |
| 150 } | |
| 151 } | |
| 152 } | 146 } |
| 153 } | 147 } |
| 154 } | 148 } |
| 155 | 149 |
| 156 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, | 150 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, |
| 157 HashValueVector* hashes) { | 151 HashValueVector* hashes) { |
| 158 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); | 152 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); |
| 159 for (int i = 0; i < sk_X509_num(chain); ++i) { | 153 for (int i = 0; i < sk_X509_num(chain); ++i) { |
| 160 X509* cert = sk_X509_value(chain, i); | 154 X509* cert = sk_X509_value(chain, i); |
| 161 | 155 |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 237 | 231 |
| 238 GetCertChainInfo(ctx.get(), verify_result); | 232 GetCertChainInfo(ctx.get(), verify_result); |
| 239 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); | 233 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
| 240 if (IsCertStatusError(verify_result->cert_status)) | 234 if (IsCertStatusError(verify_result->cert_status)) |
| 241 return MapCertStatusToNetError(verify_result->cert_status); | 235 return MapCertStatusToNetError(verify_result->cert_status); |
| 242 | 236 |
| 243 return OK; | 237 return OK; |
| 244 } | 238 } |
| 245 | 239 |
| 246 } // namespace net | 240 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 137553004:
NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src