Index: remoting/protocol/ssl_hmac_channel_authenticator.cc |
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc |
index 808bd1b85a5ba0d032a7d1f4e9fbe51aca2d1c82..6d4f464dca63343c3613a1eed35342ce7aa58538 100644 |
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc |
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc |
@@ -42,11 +42,11 @@ namespace protocol { |
namespace { |
-// A CertVerifier which rejects every certificate. |
-class FailingCertVerifier : public net::CertVerifier { |
+// A CertVerifier which accets all certificate. |
+class AcceptAllCertVerifier : public net::CertVerifier { |
public: |
- FailingCertVerifier() {} |
- ~FailingCertVerifier() override {} |
+ AcceptAllCertVerifier() {} |
+ ~AcceptAllCertVerifier() override {} |
int Verify(net::X509Certificate* cert, |
const std::string& hostname, |
@@ -58,8 +58,8 @@ class FailingCertVerifier : public net::CertVerifier { |
scoped_ptr<Request>* out_req, |
const net::BoundNetLog& net_log) override { |
verify_result->verified_cert = cert; |
- verify_result->cert_status = net::CERT_STATUS_INVALID; |
- return net::ERR_CERT_INVALID; |
+ verify_result->cert_status = 0; |
+ return net::OK; |
} |
}; |
@@ -173,11 +173,9 @@ class P2PStreamSocketAdapter : public P2PStreamSocket { |
// static |
scoped_ptr<SslHmacChannelAuthenticator> |
SslHmacChannelAuthenticator::CreateForClient( |
- const std::string& remote_cert, |
const std::string& auth_key) { |
scoped_ptr<SslHmacChannelAuthenticator> result( |
new SslHmacChannelAuthenticator(auth_key)); |
- result->remote_cert_ = remote_cert; |
return result; |
} |
@@ -238,12 +236,8 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate( |
base::Unretained(this))); |
#endif |
} else { |
- transport_security_state_.reset(new net::TransportSecurityState); |
- cert_verifier_.reset(new FailingCertVerifier); |
- |
- net::SSLConfig::CertAndStatus cert_and_status; |
- cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
- cert_and_status.der_cert = remote_cert_; |
+ transport_security_state_.reset(new net::TransportSecurityState()); |
+ cert_verifier_.reset(new AcceptAllCertVerifier()); |
net::SSLConfig ssl_config; |
// Certificate verification and revocation checking are not needed |
@@ -252,7 +246,6 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate( |
// thread). |
ssl_config.cert_io_enabled = false; |
ssl_config.rev_checking_enabled = false; |
- ssl_config.allowed_bad_certs.push_back(cert_and_status); |
ssl_config.require_ecdhe = true; |
net::HostPortPair host_and_port(kSslFakeHostName, 0); |