Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(838)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add TODO for CTVerifyResult in CTPolicyEnforcer tests Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/net.gypi ('k') | net/quic/crypto/proof_verifier_chromium_test.cc » ('j') | net/ssl/ssl_info.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/proof_verifier_chromium.cc
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index e9191a76c2bca2897f96221082428aa03b1f9156..6e6cc227e3e7ec45673e77ea19397791a76e7ef5 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -23,6 +23,7 @@
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_result.h"
#include "net/cert/ct_policy_enforcer.h"
+#include "net/cert/ct_policy_status.h"
#include "net/cert/ct_verifier.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
@@ -284,12 +285,21 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
const CertVerifyResult& cert_verify_result =
verify_details_->cert_verify_result;
const CertStatus cert_status = cert_verify_result.cert_status;
+ verify_details_->ct_verify_result.ct_policies_applied =
+ (result == OK && policy_enforcer_ != nullptr);
+ verify_details_->ct_verify_result.ev_policy_compliance =
+ ct::EV_POLICY_DOES_NOT_APPLY;
if (result == OK && policy_enforcer_ &&
(cert_verify_result.cert_status & CERT_STATUS_IS_EV)) {
- if (!policy_enforcer_->DoesConformToCTEVPolicy(
+ ct::EVPolicyCompliance ev_policy_compliance =
+ policy_enforcer_->DoesConformToCTEVPolicy(
cert_verify_result.verified_cert.get(),
SSLConfigService::GetEVCertsWhitelist().get(),
- verify_details_->ct_verify_result, net_log_)) {
+ verify_details_->ct_verify_result.verified_scts, net_log_);
+ verify_details_->ct_verify_result.ev_policy_compliance =
+ ev_policy_compliance;
+ if (ev_policy_compliance != ct::EV_POLICY_COMPLIES_VIA_WHITELIST &&
+ ev_policy_compliance != ct::EV_POLICY_COMPLIES_VIA_SCTS) {
Ryan Sleevi 2016/02/11 02:57:24 Why does DOES_NOT_APPLY not need to be checked her
estark 2016/02/11 04:06:20 Oh, I think we should just be checking for DOES_NO
verify_details_->cert_verify_result.cert_status |=
CERT_STATUS_CT_COMPLIANCE_FAILED;
verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;
« no previous file with comments | « net/net.gypi ('k') | net/quic/crypto/proof_verifier_chromium_test.cc » ('j') | net/ssl/ssl_info.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698