Chromium Code Reviews Chromium Code Reviews
Issue 141503002:
Remove obsolete NSS version checks. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include <cert.h> | 10 #include <cert.h> |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 26 #include "net/cert/crl_set.h" | 26 #include "net/cert/crl_set.h" |
| 27 #include "net/cert/ev_root_ca_metadata.h" | 27 #include "net/cert/ev_root_ca_metadata.h" |
| 28 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 29 #include "net/cert/x509_util_nss.h" | 29 #include "net/cert/x509_util_nss.h" |
| 30 | 30 |
| 31 #if defined(OS_IOS) | 31 #if defined(OS_IOS) |
| 32 #include <CommonCrypto/CommonDigest.h> | 32 #include <CommonCrypto/CommonDigest.h> |
| 33 #include "net/cert/x509_util_ios.h" | 33 #include "net/cert/x509_util_ios.h" |
| 34 #endif // defined(OS_IOS) | 34 #endif // defined(OS_IOS) |
| 35 | 35 |
| 36 #define NSS_VERSION_NUM (NSS_VMAJOR * 10000 + NSS_VMINOR * 100 + NSS_VPATCH) | |
| 37 #if NSS_VERSION_NUM < 31305 | |
| 38 // Added in NSS 3.13.5. | |
| 39 #define SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED -8016 | |
| 40 #endif | |
| 41 | |
| 42 #if NSS_VERSION_NUM < 31402 | |
| 43 // Added in NSS 3.14.2. | |
| 44 #define cert_pi_useOnlyTrustAnchors static_cast<CERTValParamInType>(14) | |
| 45 #endif | |
| 46 | |
| 47 namespace net { | 36 namespace net { |
| 48 | 37 |
| 49 namespace { | 38 namespace { |
| 50 | 39 |
| 51 typedef scoped_ptr_malloc< | 40 typedef scoped_ptr_malloc< |
| 52 CERTCertificatePolicies, | 41 CERTCertificatePolicies, |
| 53 crypto::NSSDestroyer<CERTCertificatePolicies, | 42 crypto::NSSDestroyer<CERTCertificatePolicies, |
| 54 CERT_DestroyCertificatePoliciesExtension> > | 43 CERT_DestroyCertificatePoliciesExtension> > |
| 55 ScopedCERTCertificatePolicies; | 44 ScopedCERTCertificatePolicies; |
| 56 | 45 |
| (...skipping 680 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 737 return result; | 726 return result; |
| 738 } | 727 } |
| 739 | 728 |
| 740 } // namespace | 729 } // namespace |
| 741 | 730 |
| 742 CertVerifyProcNSS::CertVerifyProcNSS() {} | 731 CertVerifyProcNSS::CertVerifyProcNSS() {} |
| 743 | 732 |
| 744 CertVerifyProcNSS::~CertVerifyProcNSS() {} | 733 CertVerifyProcNSS::~CertVerifyProcNSS() {} |
| 745 | 734 |
| 746 bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const { | 735 bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const { |
| 747 // This requires APIs introduced in 3.14.2. | 736 return true; |
|
Joao da Silva
2014/01/17 09:04:53
Why not remove this function altogether?
Joao da Silva
2014/01/17 13:22:21
Meh, ignore this comment. Other implementations re
| |
| 748 return NSS_VersionCheck("3.14.2"); | |
| 749 } | 737 } |
| 750 | 738 |
| 751 int CertVerifyProcNSS::VerifyInternal( | 739 int CertVerifyProcNSS::VerifyInternal( |
| 752 X509Certificate* cert, | 740 X509Certificate* cert, |
| 753 const std::string& hostname, | 741 const std::string& hostname, |
| 754 int flags, | 742 int flags, |
| 755 CRLSet* crl_set, | 743 CRLSet* crl_set, |
| 756 const CertificateList& additional_trust_anchors, | 744 const CertificateList& additional_trust_anchors, |
| 757 CertVerifyResult* verify_result) { | 745 CertVerifyResult* verify_result) { |
| 758 #if defined(OS_IOS) | 746 #if defined(OS_IOS) |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 794 (flags & CertVerifier::VERIFY_EV_CERT) && | 782 (flags & CertVerifier::VERIFY_EV_CERT) && |
| 795 IsEVCandidate(metadata, cert_handle, &ev_policy_oid); | 783 IsEVCandidate(metadata, cert_handle, &ev_policy_oid); |
| 796 bool cert_io_enabled = flags & CertVerifier::VERIFY_CERT_IO_ENABLED; | 784 bool cert_io_enabled = flags & CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 797 bool check_revocation = | 785 bool check_revocation = |
| 798 cert_io_enabled && | 786 cert_io_enabled && |
| 799 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED); | 787 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED); |
| 800 if (check_revocation) | 788 if (check_revocation) |
| 801 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; | 789 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; |
| 802 | 790 |
| 803 ScopedCERTCertList trust_anchors; | 791 ScopedCERTCertList trust_anchors; |
| 804 if (SupportsAdditionalTrustAnchors() && !additional_trust_anchors.empty()) { | 792 if (!additional_trust_anchors.empty()) { |
| 805 trust_anchors.reset( | 793 trust_anchors.reset( |
| 806 CertificateListToCERTCertList(additional_trust_anchors)); | 794 CertificateListToCERTCertList(additional_trust_anchors)); |
| 807 } | 795 } |
| 808 | 796 |
| 809 SECStatus status = PKIXVerifyCert(cert_handle, check_revocation, false, | 797 SECStatus status = PKIXVerifyCert(cert_handle, check_revocation, false, |
| 810 cert_io_enabled, NULL, 0, | 798 cert_io_enabled, NULL, 0, |
| 811 trust_anchors.get(), cvout); | 799 trust_anchors.get(), cvout); |
| 812 | 800 |
| 813 if (status == SECSuccess && | 801 if (status == SECSuccess && |
| 814 (flags & CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS) && | 802 (flags & CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS) && |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 884 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, | 872 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, |
| 885 ev_policy_oid, trust_anchors.get())) { | 873 ev_policy_oid, trust_anchors.get())) { |
| 886 verify_result->cert_status |= CERT_STATUS_IS_EV; | 874 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 887 } | 875 } |
| 888 } | 876 } |
| 889 | 877 |
| 890 return OK; | 878 return OK; |
| 891 } | 879 } |
| 892 | 880 |
| 893 } // namespace net | 881 } // namespace net |
| OLD | NEW |
