net/cert/cert_verify_proc_nss.cc - Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome.

Side by Side Diff: net/cert/cert_verify_proc_nss.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: cleanups, add test for chrome keygen class Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_nss.h"	5 #include "net/cert/cert_verify_proc_nss.h"

6	6

7 #include <string>	7 #include <string>

8 #include <vector>	8 #include <vector>

9	9

10 #include <cert.h>	10 #include <cert.h>

(...skipping 433 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
444 in_param.type = cert_pi_trustAnchors;	444 in_param.type = cert_pi_trustAnchors;

445 in_param.value.pointer.chain = additional_trust_anchors;	445 in_param.value.pointer.chain = additional_trust_anchors;

446 cvin.push_back(in_param);	446 cvin.push_back(in_param);

447 in_param.type = cert_pi_useOnlyTrustAnchors;	447 in_param.type = cert_pi_useOnlyTrustAnchors;

448 in_param.value.scalar.b = PR_FALSE;	448 in_param.value.scalar.b = PR_FALSE;

449 cvin.push_back(in_param);	449 cvin.push_back(in_param);

450 }	450 }

451 in_param.type = cert_pi_end;	451 in_param.type = cert_pi_end;

452 cvin.push_back(in_param);	452 cvin.push_back(in_param);

453	453

	454 // XXX can't specify slots here
	Ryan Sleevi 2013/10/09 19:18:00 Why would you need to? What's the thought? Why would you need to? What's the thought? mattm 2013/10/09 23:52:38 Mentioned in an earlier reply, but was just thinki Show quoted text On 2013/10/09 19:18:00, Ryan Sleevi wrote: > Why would you need to? What's the thought? Mentioned in an earlier reply, but was just thinking about the "Honor trust roots per-profile" bug. Cert verification needs to be profile aware in some manner, right? I guess the comment is just saying I'm not sure yet how that will work.
454 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,	455 SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer,

455 &cvin[0], cvout, NULL);	456 &cvin[0], cvout, NULL);

456 if (rv != SECSuccess) {	457 if (rv != SECSuccess) {

457 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,	458 rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids,

458 cert_io_enabled, &cvin, cvout);	459 cert_io_enabled, &cvin, cvout);

459 }	460 }

460 return rv;	461 return rv;

461 }	462 }

462	463

463 // PKIXVerifyCert calls this function to work around some bugs in	464 // PKIXVerifyCert calls this function to work around some bugs in

(...skipping 418 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
882 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata,	883 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata,

883 ev_policy_oid, trust_anchors.get())) {	884 ev_policy_oid, trust_anchors.get())) {

884 verify_result->cert_status \|= CERT_STATUS_IS_EV;	885 verify_result->cert_status \|= CERT_STATUS_IS_EV;

885 }	886 }

886 }	887 }

887	888

888 return OK;	889 return OK;

889 }	890 }

890	891

891 } // namespace net	892 } // namespace net

OLD	NEW

« content/browser/renderer_host/render_message_filter.cc ('K') | « net/base/keygen_handler_unittest.cc ('k') | net/net.gyp » ('j') | no next file with comments »