Chromium Code Reviews Chromium Code Reviews
Issue 1454993002:
QUIC - Code to verify SCT tag with certificate transparency verifier (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/quic/quic_chromium_client_session.cc |
| diff --git a/net/quic/quic_chromium_client_session.cc b/net/quic/quic_chromium_client_session.cc |
| index 41da42047add7588b84242a776871c6df3fac01d..153efbec9cf78221be64d0e8514e8e51cc21a222 100644 |
| --- a/net/quic/quic_chromium_client_session.cc |
| +++ b/net/quic/quic_chromium_client_session.cc |
| @@ -16,6 +16,7 @@ |
| #include "net/base/io_buffer.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/network_activity_monitor.h" |
| +#include "net/cert/cert_verify_result.h" |
| #include "net/http/transport_security_state.h" |
| #include "net/quic/crypto/proof_verifier_chromium.h" |
| #include "net/quic/crypto/quic_server_info.h" |
| @@ -500,6 +501,27 @@ bool QuicChromiumClientSession::GetSSLInfo(SSLInfo* ssl_info) const { |
| ssl_info->security_bits = security_bits; |
| ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; |
| ssl_info->pinning_failure_log = pinning_failure_log_; |
| + |
| + // TODO(rtenneti): Move the following code into ssl_util.cc a new file. |
|
Ryan Hamilton
2015/11/18 20:57:26
+1. Or, it could be a static method of SSLInfo:
S
ramant (doing other things)
2015/11/21 00:27:03
Done.
|
| + for (ct::SCTList::const_iterator iter = |
| + ct_verify_result_->verified_scts.begin(); |
| + iter != ct_verify_result_->verified_scts.end(); ++iter) { |
|
Ryan Hamilton
2015/11/18 20:57:26
Can you use a c++11 range based for loop here:
fo
ramant (doing other things)
2015/11/21 00:27:03
Done.
|
| + ssl_info->signed_certificate_timestamps.push_back( |
| + SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK)); |
| + } |
| + for (ct::SCTList::const_iterator iter = |
| + ct_verify_result_->invalid_scts.begin(); |
| + iter != ct_verify_result_->invalid_scts.end(); ++iter) { |
| + ssl_info->signed_certificate_timestamps.push_back( |
| + SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID)); |
| + } |
| + for (ct::SCTList::const_iterator iter = |
| + ct_verify_result_->unknown_logs_scts.begin(); |
| + iter != ct_verify_result_->unknown_logs_scts.end(); ++iter) { |
| + ssl_info->signed_certificate_timestamps.push_back( |
| + SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_LOG_UNKNOWN)); |
| + } |
| + |
| return true; |
| } |
| @@ -800,6 +822,9 @@ void QuicChromiumClientSession::OnProofVerifyDetailsAvailable( |
| result_copy->CopyFrom(verify_details_chromium->cert_verify_result); |
| cert_verify_result_.reset(result_copy); |
| pinning_failure_log_ = verify_details_chromium->pinning_failure_log; |
| + ct::CTVerifyResult* ct_verify_result_copy = new ct::CTVerifyResult; |
| + *ct_verify_result_copy = verify_details_chromium->ct_verify_result; |
| + ct_verify_result_.reset(ct_verify_result_copy); |
| logger_->OnCertificateVerified(*cert_verify_result_); |
| } |
