OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 1407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1418 if (sct_list_len > 0) | 1418 if (sct_list_len > 0) |
1419 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); | 1419 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); |
1420 | 1420 |
1421 // Note that this is a completely synchronous operation: The CT Log Verifier | 1421 // Note that this is a completely synchronous operation: The CT Log Verifier |
1422 // gets all the data it needs for SCT verification and does not do any | 1422 // gets all the data it needs for SCT verification and does not do any |
1423 // external communication. | 1423 // external communication. |
1424 cert_transparency_verifier_->Verify( | 1424 cert_transparency_verifier_->Verify( |
1425 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, | 1425 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, |
1426 &ct_verify_result_, net_log_); | 1426 &ct_verify_result_, net_log_); |
1427 | 1427 |
1428 if (policy_enforcer_ && | 1428 if (policy_enforcer_) { |
1429 (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) { | |
1430 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 1429 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
1431 SSLConfigService::GetEVCertsWhitelist(); | 1430 SSLConfigService::GetEVCertsWhitelist(); |
1432 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 1431 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
1433 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), | 1432 server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
1434 ct_verify_result_, net_log_)) { | 1433 ct_verify_result_, net_log_)) { |
1435 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 1434 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
1436 VLOG(1) << "EV certificate for " | 1435 VLOG(1) |
1437 << server_cert_verify_result_.verified_cert->subject() | 1436 << "Certificate for " |
1438 .GetDisplayName() | 1437 << server_cert_verify_result_.verified_cert->subject() |
1439 << " does not conform to CT policy, removing EV status."; | 1438 .GetDisplayName() |
| 1439 << " does not conform to CT policy, removing EV status if present."; |
1440 server_cert_verify_result_.cert_status |= | 1440 server_cert_verify_result_.cert_status |= |
1441 CERT_STATUS_CT_COMPLIANCE_FAILED; | 1441 CERT_STATUS_CT_COMPLIANCE_FAILED; |
1442 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1442 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
1443 } | 1443 } |
1444 } | 1444 } |
1445 } | 1445 } |
1446 | 1446 |
1447 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) { | 1447 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) { |
1448 int rv = DoHandshakeLoop(result); | 1448 int rv = DoHandshakeLoop(result); |
1449 if (rv != ERR_IO_PENDING) { | 1449 if (rv != ERR_IO_PENDING) { |
(...skipping 860 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2310 tb_was_negotiated_ = true; | 2310 tb_was_negotiated_ = true; |
2311 return 1; | 2311 return 1; |
2312 } | 2312 } |
2313 } | 2313 } |
2314 | 2314 |
2315 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; | 2315 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
2316 return 0; | 2316 return 0; |
2317 } | 2317 } |
2318 | 2318 |
2319 } // namespace net | 2319 } // namespace net |
OLD | NEW |