OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
9 #include <CoreServices/CoreServices.h> | 9 #include <CoreServices/CoreServices.h> |
10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
139 preliminary_list.insert(preliminary_list.end(), regular_certs.begin(), | 139 preliminary_list.insert(preliminary_list.end(), regular_certs.begin(), |
140 regular_certs.end()); | 140 regular_certs.end()); |
141 | 141 |
142 selected_certs->clear(); | 142 selected_certs->clear(); |
143 for (size_t i = 0; i < preliminary_list.size(); ++i) { | 143 for (size_t i = 0; i < preliminary_list.size(); ++i) { |
144 scoped_refptr<X509Certificate>& cert = preliminary_list[i]; | 144 scoped_refptr<X509Certificate>& cert = preliminary_list[i]; |
145 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) | 145 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) |
146 continue; | 146 continue; |
147 | 147 |
148 // Skip duplicates (a cert may be in multiple keychains). | 148 // Skip duplicates (a cert may be in multiple keychains). |
149 const SHA1HashValue& fingerprint = cert->fingerprint(); | |
150 auto cert_iter = std::find_if( | 149 auto cert_iter = std::find_if( |
151 selected_certs->begin(), selected_certs->end(), | 150 selected_certs->begin(), selected_certs->end(), |
152 [&fingerprint](const scoped_refptr<X509Certificate>& cert) { | 151 [&cert](const scoped_refptr<X509Certificate>& other_cert) { |
153 return cert->fingerprint() == fingerprint; | 152 return X509Certificate::IsSameOSCert(cert->os_cert_handle(), |
Ryan Sleevi
2016/05/20 06:02:32
Fixed this to do what it should have done :)
| |
153 other_cert->os_cert_handle()); | |
154 }); | 154 }); |
155 if (cert_iter != selected_certs->end()) | 155 if (cert_iter != selected_certs->end()) |
156 continue; | 156 continue; |
157 | 157 |
158 // Check if the certificate issuer is allowed by the server. | 158 // Check if the certificate issuer is allowed by the server. |
159 if (request.cert_authorities.empty() || | 159 if (request.cert_authorities.empty() || |
160 cert->IsIssuedByEncoded(request.cert_authorities) || | 160 cert->IsIssuedByEncoded(request.cert_authorities) || |
161 (query_keychain && | 161 (query_keychain && |
162 IsIssuedByInKeychain(request.cert_authorities, &cert))) { | 162 IsIssuedByInKeychain(request.cert_authorities, &cert))) { |
163 selected_certs->push_back(cert); | 163 selected_certs->push_back(cert); |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
275 const SSLCertRequestInfo& request, | 275 const SSLCertRequestInfo& request, |
276 CertificateList* selected_certs) { | 276 CertificateList* selected_certs) { |
277 GetClientCertsImpl( | 277 GetClientCertsImpl( |
278 preferred_cert, regular_certs, request, false, selected_certs); | 278 preferred_cert, regular_certs, request, false, selected_certs); |
279 return true; | 279 return true; |
280 } | 280 } |
281 | 281 |
282 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 282 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
283 | 283 |
284 } // namespace net | 284 } // namespace net |
OLD | NEW |