Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(611)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1578993003: Add Expect CT policy that gets checked on all certs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: tweaks Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_policy_enforcer.cc ('K') | « net/cert/ct_policy_enforcer_unittest.cc ('k') | net/quic/crypto/proof_verifier_chromium_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/proof_verifier_chromium.h" 5 #include "net/quic/crypto/proof_verifier_chromium.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after
277 base::Unretained(this)), 277 base::Unretained(this)),
278 &cert_verifier_request_, net_log_); 278 &cert_verifier_request_, net_log_);
279 } 279 }
280 280
281 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { 281 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
282 cert_verifier_request_.reset(); 282 cert_verifier_request_.reset();
283 283
284 const CertVerifyResult& cert_verify_result = 284 const CertVerifyResult& cert_verify_result =
285 verify_details_->cert_verify_result; 285 verify_details_->cert_verify_result;
286 const CertStatus cert_status = cert_verify_result.cert_status; 286 const CertStatus cert_status = cert_verify_result.cert_status;
287 if (result == OK && policy_enforcer_ && 287 if (result == OK && policy_enforcer_) {
288 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { 288 if (!policy_enforcer_->DoesConformToCertPolicy(
289 if (!policy_enforcer_->DoesConformToCTEVPolicy(
290 cert_verify_result.verified_cert.get(), 289 cert_verify_result.verified_cert.get(),
291 SSLConfigService::GetEVCertsWhitelist().get(), 290 verify_details_->ct_verify_result)) {
292 verify_details_->ct_verify_result, net_log_)) {
293 verify_details_->cert_verify_result.cert_status |= 291 verify_details_->cert_verify_result.cert_status |=
294 CERT_STATUS_CT_COMPLIANCE_FAILED; 292 CERT_STATUS_CT_COMPLIANCE_FAILED;
293 }
294 if ((cert_verify_result.cert_status & CERT_STATUS_IS_EV) &&
295 !policy_enforcer_->DoesConformToEVPolicy(
296 cert_verify_result.verified_cert.get(),
297 cert_verify_result.cert_status,
298 SSLConfigService::GetEVCertsWhitelist().get(), net_log_)) {
295 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; 299 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;
296 } 300 }
297 } 301 }
298 302
299 // TODO(estark): replace 0 below with the port of the connection. 303 // TODO(estark): replace 0 below with the port of the connection.
300 if (transport_security_state_ && 304 if (transport_security_state_ &&
301 (result == OK || 305 (result == OK ||
302 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 306 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
303 !transport_security_state_->CheckPublicKeyPins( 307 !transport_security_state_->CheckPublicKeyPins(
304 HostPortPair(hostname_, 0), 308 HostPortPair(hostname_, 0),
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after
436 } 440 }
437 return status; 441 return status;
438 } 442 }
439 443
440 void ProofVerifierChromium::OnJobComplete(Job* job) { 444 void ProofVerifierChromium::OnJobComplete(Job* job) {
441 active_jobs_.erase(job); 445 active_jobs_.erase(job);
442 delete job; 446 delete job;
443 } 447 }
444 448
445 } // namespace net 449 } // namespace net
OLDNEW
« net/cert/ct_policy_enforcer.cc ('K') | « net/cert/ct_policy_enforcer_unittest.cc ('k') | net/quic/crypto/proof_verifier_chromium_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698