OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include <cert.h> | 10 #include <cert.h> |
(...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
444 in_param.type = cert_pi_trustAnchors; | 444 in_param.type = cert_pi_trustAnchors; |
445 in_param.value.pointer.chain = additional_trust_anchors; | 445 in_param.value.pointer.chain = additional_trust_anchors; |
446 cvin.push_back(in_param); | 446 cvin.push_back(in_param); |
447 in_param.type = cert_pi_useOnlyTrustAnchors; | 447 in_param.type = cert_pi_useOnlyTrustAnchors; |
448 in_param.value.scalar.b = PR_FALSE; | 448 in_param.value.scalar.b = PR_FALSE; |
449 cvin.push_back(in_param); | 449 cvin.push_back(in_param); |
450 } | 450 } |
451 in_param.type = cert_pi_end; | 451 in_param.type = cert_pi_end; |
452 cvin.push_back(in_param); | 452 cvin.push_back(in_param); |
453 | 453 |
454 // XXX can't specify slots here | |
Ryan Sleevi
2013/10/09 19:18:00
Why would you need to? What's the thought?
mattm
2013/10/09 23:52:38
Mentioned in an earlier reply, but was just thinki
| |
454 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer, | 455 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer, |
455 &cvin[0], cvout, NULL); | 456 &cvin[0], cvout, NULL); |
456 if (rv != SECSuccess) { | 457 if (rv != SECSuccess) { |
457 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids, | 458 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids, |
458 cert_io_enabled, &cvin, cvout); | 459 cert_io_enabled, &cvin, cvout); |
459 } | 460 } |
460 return rv; | 461 return rv; |
461 } | 462 } |
462 | 463 |
463 // PKIXVerifyCert calls this function to work around some bugs in | 464 // PKIXVerifyCert calls this function to work around some bugs in |
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
882 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, | 883 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, |
883 ev_policy_oid, trust_anchors.get())) { | 884 ev_policy_oid, trust_anchors.get())) { |
884 verify_result->cert_status |= CERT_STATUS_IS_EV; | 885 verify_result->cert_status |= CERT_STATUS_IS_EV; |
885 } | 886 } |
886 } | 887 } |
887 | 888 |
888 return OK; | 889 return OK; |
889 } | 890 } |
890 | 891 |
891 } // namespace net | 892 } // namespace net |
OLD | NEW |