Ignore host certificate in remoting::V2Authenticator on the client side.

remoting/protocol/ssl_hmac_channel_authenticator.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
 
 #include <stdint.h>
 
 #include <utility>
 
@@ skipping 24 matching lines @@
 #include "net/socket/ssl_client_socket_openssl.h"
 #else
 #include "net/socket/client_socket_factory.h"
 #endif
 
 namespace remoting {
 namespace protocol {
 
 namespace {
 
-// A CertVerifier which rejects every certificate.
-class FailingCertVerifier : public net::CertVerifier {
+// A CertVerifier which accets all certificate.
+class AcceptAllCertVerifier : public net::CertVerifier {
  public:
-  FailingCertVerifier() {}
-  ~FailingCertVerifier() override {}
+  AcceptAllCertVerifier() {}
+  ~AcceptAllCertVerifier() override {}
 
   int Verify(net::X509Certificate* cert,
              const std::string& hostname,
              const std::string& ocsp_response,
              int flags,
              net::CRLSet* crl_set,
              net::CertVerifyResult* verify_result,
              const net::CompletionCallback& callback,
              scoped_ptr<Request>* out_req,
              const net::BoundNetLog& net_log) override {
     verify_result->verified_cert = cert;
-    verify_result->cert_status = net::CERT_STATUS_INVALID;
-    return net::ERR_CERT_INVALID;
+    verify_result->cert_status = 0;
+    return net::OK;
   }
 };
 
 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed
 // to net::SSLClientSocket and net::SSLServerSocket.
 class NetStreamSocketAdapter : public net::StreamSocket {
  public:
   NetStreamSocketAdapter(scoped_ptr<P2PStreamSocket> socket)
       : socket_(std::move(socket)) {}
   ~NetStreamSocketAdapter() override {}
@@ skipping 93 matching lines @@
 
  private:
   scoped_ptr<net::StreamSocket> socket_;
 };
 
 }  // namespace
 
 // static
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForClient(
-      const std::string& remote_cert,
       const std::string& auth_key) {
   scoped_ptr<SslHmacChannelAuthenticator> result(
       new SslHmacChannelAuthenticator(auth_key));
-  result->remote_cert_ = remote_cert;
   return result;
 }
 
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForHost(
     const std::string& local_cert,
     scoped_refptr<RsaKeyPair> key_pair,
     const std::string& auth_key) {
   scoped_ptr<SslHmacChannelAuthenticator> result(
       new SslHmacChannelAuthenticator(auth_key));
@@ skipping 40 matching lines @@
     scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket(
         make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))),
         cert.get(), *local_key_pair_->private_key(), ssl_config);
     net::SSLServerSocket* raw_server_socket = server_socket.get();
     socket_ = std::move(server_socket);
     result = raw_server_socket->Handshake(
         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
                    base::Unretained(this)));
 #endif
   } else {
-    transport_security_state_.reset(new net::TransportSecurityState);
-    cert_verifier_.reset(new FailingCertVerifier);
-
-    net::SSLConfig::CertAndStatus cert_and_status;
-    cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
-    cert_and_status.der_cert = remote_cert_;
+    transport_security_state_.reset(new net::TransportSecurityState());
+    cert_verifier_.reset(new AcceptAllCertVerifier());
 
     net::SSLConfig ssl_config;
     // Certificate verification and revocation checking are not needed
     // because we use self-signed certs. Disable it so that the SSL
     // layer doesn't try to initialize OCSP (OCSP works only on the IO
     // thread).
     ssl_config.cert_io_enabled = false;
     ssl_config.rev_checking_enabled = false;
-    ssl_config.allowed_bad_certs.push_back(cert_and_status);
     ssl_config.require_ecdhe = true;
 
     net::HostPortPair host_and_port(kSslFakeHostName, 0);
     net::SSLClientSocketContext context;
     context.transport_security_state = transport_security_state_.get();
     context.cert_verifier = cert_verifier_.get();
     scoped_ptr<net::ClientSocketHandle> socket_handle(
         new net::ClientSocketHandle);
     socket_handle->SetSocket(
         make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))));
@@ skipping 168 matching lines @@
              make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_))));
   }
 }
 
 void SslHmacChannelAuthenticator::NotifyError(int error) {
   base::ResetAndReturn(&done_callback_).Run(error, nullptr);
 }
 
 }  // namespace protocol
 }  // namespace remoting