OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
277 base::Unretained(this)), | 277 base::Unretained(this)), |
278 &cert_verifier_request_, net_log_); | 278 &cert_verifier_request_, net_log_); |
279 } | 279 } |
280 | 280 |
281 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 281 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
282 cert_verifier_request_.reset(); | 282 cert_verifier_request_.reset(); |
283 | 283 |
284 const CertVerifyResult& cert_verify_result = | 284 const CertVerifyResult& cert_verify_result = |
285 verify_details_->cert_verify_result; | 285 verify_details_->cert_verify_result; |
286 const CertStatus cert_status = cert_verify_result.cert_status; | 286 const CertStatus cert_status = cert_verify_result.cert_status; |
287 if (result == OK && policy_enforcer_ && | 287 if (result == OK && policy_enforcer_) { |
288 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { | 288 if (!policy_enforcer_->DoesConformToCertPolicy( |
289 if (!policy_enforcer_->DoesConformToCTEVPolicy( | |
290 cert_verify_result.verified_cert.get(), | 289 cert_verify_result.verified_cert.get(), |
291 SSLConfigService::GetEVCertsWhitelist().get(), | 290 verify_details_->ct_verify_result)) { |
292 verify_details_->ct_verify_result, net_log_)) { | |
293 verify_details_->cert_verify_result.cert_status |= | 291 verify_details_->cert_verify_result.cert_status |= |
294 CERT_STATUS_CT_COMPLIANCE_FAILED; | 292 CERT_STATUS_CT_COMPLIANCE_FAILED; |
Ryan Sleevi
2016/01/23 02:08:10
BUG: This changes the meaning of this status, in t
| |
293 } | |
294 if ((cert_verify_result.cert_status & CERT_STATUS_IS_EV) && | |
295 !policy_enforcer_->DoesConformToEVPolicy( | |
296 cert_verify_result.verified_cert.get(), | |
297 verify_details_->ct_verify_result, | |
298 SSLConfigService::GetEVCertsWhitelist().get(), net_log_)) { | |
295 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; | 299 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |
296 } | 300 } |
297 } | 301 } |
298 | 302 |
299 // TODO(estark): replace 0 below with the port of the connection. | 303 // TODO(estark): replace 0 below with the port of the connection. |
300 if (transport_security_state_ && | 304 if (transport_security_state_ && |
301 (result == OK || | 305 (result == OK || |
302 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 306 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
303 !transport_security_state_->CheckPublicKeyPins( | 307 !transport_security_state_->CheckPublicKeyPins( |
304 HostPortPair(hostname_, 0), | 308 HostPortPair(hostname_, 0), |
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
436 } | 440 } |
437 return status; | 441 return status; |
438 } | 442 } |
439 | 443 |
440 void ProofVerifierChromium::OnJobComplete(Job* job) { | 444 void ProofVerifierChromium::OnJobComplete(Job* job) { |
441 active_jobs_.erase(job); | 445 active_jobs_.erase(job); |
442 delete job; | 446 delete job; |
443 } | 447 } |
444 | 448 |
445 } // namespace net | 449 } // namespace net |
OLD | NEW |