net/cert/cert_verify_proc_nss.cc - Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome.

Side by Side Diff: net/cert/cert_verify_proc_nss.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_nss.h"	5 #include "net/cert/cert_verify_proc_nss.h"

6	6

7 #include <string>	7 #include <string>

8 #include <vector>	8 #include <vector>

9	9

10 #include <cert.h>	10 #include <cert.h>

(...skipping 441 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
452 in_param.type = cert_pi_trustAnchors;	452 in_param.type = cert_pi_trustAnchors;

453 in_param.value.pointer.chain = additional_trust_anchors;	453 in_param.value.pointer.chain = additional_trust_anchors;

454 cvin.push_back(in_param);	454 cvin.push_back(in_param);

455 in_param.type = cert_pi_useOnlyTrustAnchors;	455 in_param.type = cert_pi_useOnlyTrustAnchors;

456 in_param.value.scalar.b = PR_FALSE;	456 in_param.value.scalar.b = PR_FALSE;

457 cvin.push_back(in_param);	457 cvin.push_back(in_param);

458 }	458 }

459 in_param.type = cert_pi_end;	459 in_param.type = cert_pi_end;

460 cvin.push_back(in_param);	460 cvin.push_back(in_param);

461	461

	462 // XXX can't specify slots here
	Ryan Sleevi 2013/06/28 17:01:59 Curious what/why you mentioned this? Curious what/why you mentioned this? mattm 2013/09/12 21:46:32 Was just looking at places that would care about u Show quoted text On 2013/06/28 17:01:59, Ryan Sleevi wrote: > Curious what/why you mentioned this? Was just looking at places that would care about using the correct slot. For Issue 218627 (Honor trust roots per-profile) this cert verification stuff seemed relevant, but I'm not familiar with the API mentioned in #0 of that bug. Doing that would be a different CL anyway though.
462 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,	463 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,

463 &cvin[0], cvout, NULL);	464 &cvin[0], cvout, NULL);

464 if (rv != SECSuccess) {	465 if (rv != SECSuccess) {

465 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,	466 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,

466 cert_io_enabled, &cvin, cvout);	467 cert_io_enabled, &cvin, cvout);

467 }	468 }

468 return rv;	469 return rv;

469 }	470 }

470	471

471 // PKIXVerifyCert calls this function to work around some bugs in	472 // PKIXVerifyCert calls this function to work around some bugs in

(...skipping 400 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
872 if ((flags & CertVerifier::VERIFY_EV_CERT) && is_ev_candidate &&	873 if ((flags & CertVerifier::VERIFY_EV_CERT) && is_ev_candidate &&

873 VerifyEV(cert_handle, flags, crl_set, metadata, ev_policy_oid,	874 VerifyEV(cert_handle, flags, crl_set, metadata, ev_policy_oid,

874 trust_anchors.get())) {	875 trust_anchors.get())) {

875 verify_result->cert_status \|= CERT_STATUS_IS_EV;	876 verify_result->cert_status \|= CERT_STATUS_IS_EV;

876 }	877 }

877	878

878 return OK;	879 return OK;

879 }	880 }

880	881

881 } // namespace net	882 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/keygen_handler_unittest.cc ('k') | net/ssl/client_cert_store_impl_nss.cc » ('j') | net/ssl/client_cert_store_impl_nss.cc » ('J')