net/cert/cert_verify_proc_chromeos.cc - Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/cert_verify_proc_chromeos.cc

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: . Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/cert_verify_proc_chromeos.h"

	6

	7 namespace net {

	8

	9 CertVerifyProcChromeOS::CertVerifyProcChromeOS()

	10 : CertVerifyProcNSS(InitializeCERTChainVerifyCallback()) {}

	11

	12 CertVerifyProcChromeOS::CertVerifyProcChromeOS(

	13 crypto::ScopedPK11Slot public_slot,

	14 crypto::ScopedPK11Slot private_slot)

	15 : CertVerifyProcNSS(InitializeCERTChainVerifyCallback()) {

	16 profile_filter_.Init(public_slot.Pass(), private_slot.Pass());

	17 }

	18

	19 CertVerifyProcChromeOS::~CertVerifyProcChromeOS() {}

	20

	21 CERTChainVerifyCallback*

	22 CertVerifyProcChromeOS::InitializeCERTChainVerifyCallback() {

	23 chain_verify_callback_.isChainValid =

	24 &CertVerifyProcChromeOS::IsChainValidFunc;

	25 chain_verify_callback_.isChainValidArg = static_cast<void*>(this);

	26 return &chain_verify_callback_;

	27 }

	28

	29 // static

	30 SECStatus CertVerifyProcChromeOS::IsChainValidFunc(

	31 void* is_chain_valid_arg,

	32 const CERTCertList* current_chain,

	33 PRBool* chain_ok) {

	34 CertVerifyProcChromeOS* that =

	35 static_cast<CertVerifyProcChromeOS*>(is_chain_valid_arg);

	36 // NSS doesn't define a CERT_LIST_TAIL macro, but this is what it would look

	37 // like.

	38 CERTCertificate* cert = reinterpret_cast<CERTCertListNode*>(

	39 PR_LIST_TAIL(&current_chain->list))->cert;
	Ryan Sleevi 2014/01/22 00:43:48 NACK on using PR_LIST_TAIL for this type. 1) File NACK on using PR_LIST_TAIL for this type. 1) File a bug in NSS to add CERT_LIST_TAIL 2) Add an #ifdef guard ~line 6 to handle when this is being added #ifndef CERT_LIST_TAIL #define CERT_LIST_TAIL(l) ((CERTCertListNode )PR_LIST_TAIL(&l->list)) #endif mattm* 2014/01/24 04:47:31 Done. https://bugzilla.mozilla.org/show_bug.cgi?i Show quoted text On 2014/01/22 00:43:48, Ryan Sleevi wrote: > NACK on using PR_LIST_TAIL for this type. > > 1) File a bug in NSS to add CERT_LIST_TAIL > 2) Add an #ifdef guard ~line 6 to handle when this is being added > > #ifndef CERT_LIST_TAIL > #define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list)) > #endif Done. https://bugzilla.mozilla.org/show_bug.cgi?id=962413
	40 // TODO(mattm): If crbug.com/334384 is fixed to allow setting trust

	41 // properly when the same cert is in multiple slots, this would also need

	42 // updating to check the per-slot trust values.

	43 *chain_ok = that->profile_filter_.IsCertAllowed(cert) ? PR_TRUE : PR_FALSE;

	44 return SECSuccess;

	45 }

	46

	47 } // namespace net

OLD	NEW

« net/cert/cert_verify_proc_chromeos.h ('K') | « net/cert/cert_verify_proc_chromeos.h ('k') | net/cert/cert_verify_proc_nss.h » ('j') | net/cert/cert_verify_proc_nss.h » ('J')