Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(423)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 1739503003: Ignore host certificate in remoting::V2Authenticator on the client side. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: remoting/protocol/ssl_hmac_channel_authenticator.cc
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc
index 808bd1b85a5ba0d032a7d1f4e9fbe51aca2d1c82..6d4f464dca63343c3613a1eed35342ce7aa58538 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -42,11 +42,11 @@ namespace protocol {
namespace {
-// A CertVerifier which rejects every certificate.
-class FailingCertVerifier : public net::CertVerifier {
+// A CertVerifier which accets all certificate.
+class AcceptAllCertVerifier : public net::CertVerifier {
public:
- FailingCertVerifier() {}
- ~FailingCertVerifier() override {}
+ AcceptAllCertVerifier() {}
+ ~AcceptAllCertVerifier() override {}
int Verify(net::X509Certificate* cert,
const std::string& hostname,
@@ -58,8 +58,8 @@ class FailingCertVerifier : public net::CertVerifier {
scoped_ptr<Request>* out_req,
const net::BoundNetLog& net_log) override {
verify_result->verified_cert = cert;
- verify_result->cert_status = net::CERT_STATUS_INVALID;
- return net::ERR_CERT_INVALID;
+ verify_result->cert_status = 0;
+ return net::OK;
}
};
@@ -173,11 +173,9 @@ class P2PStreamSocketAdapter : public P2PStreamSocket {
// static
scoped_ptr<SslHmacChannelAuthenticator>
SslHmacChannelAuthenticator::CreateForClient(
- const std::string& remote_cert,
const std::string& auth_key) {
scoped_ptr<SslHmacChannelAuthenticator> result(
new SslHmacChannelAuthenticator(auth_key));
- result->remote_cert_ = remote_cert;
return result;
}
@@ -238,12 +236,8 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
base::Unretained(this)));
#endif
} else {
- transport_security_state_.reset(new net::TransportSecurityState);
- cert_verifier_.reset(new FailingCertVerifier);
-
- net::SSLConfig::CertAndStatus cert_and_status;
- cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
- cert_and_status.der_cert = remote_cert_;
+ transport_security_state_.reset(new net::TransportSecurityState());
+ cert_verifier_.reset(new AcceptAllCertVerifier());
net::SSLConfig ssl_config;
// Certificate verification and revocation checking are not needed
@@ -252,7 +246,6 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
// thread).
ssl_config.cert_io_enabled = false;
ssl_config.rev_checking_enabled = false;
- ssl_config.allowed_bad_certs.push_back(cert_and_status);
ssl_config.require_ecdhe = true;
net::HostPortPair host_and_port(kSslFakeHostName, 0);
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698