OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
328 if (transport_security_state_ && | 328 if (transport_security_state_ && |
329 (result == OK || | 329 (result == OK || |
330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
331 !transport_security_state_->CheckPublicKeyPins( | 331 !transport_security_state_->CheckPublicKeyPins( |
332 HostPortPair(hostname_, port_), | 332 HostPortPair(hostname_, port_), |
333 cert_verify_result.is_issued_by_known_root, | 333 cert_verify_result.is_issued_by_known_root, |
334 cert_verify_result.public_key_hashes, cert_.get(), | 334 cert_verify_result.public_key_hashes, cert_.get(), |
335 cert_verify_result.verified_cert.get(), | 335 cert_verify_result.verified_cert.get(), |
336 TransportSecurityState::ENABLE_PIN_REPORTS, | 336 TransportSecurityState::ENABLE_PIN_REPORTS, |
337 &verify_details_->pinning_failure_log)) { | 337 &verify_details_->pinning_failure_log)) { |
338 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 338 if (cert_verify_result.is_issued_by_known_root) |
| 339 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 340 else |
| 341 verify_details_->cert_verify_result.pkp_bypassed = true; |
339 } | 342 } |
340 | 343 |
341 if (result != OK) { | 344 if (result != OK) { |
342 std::string error_string = ErrorToString(result); | 345 std::string error_string = ErrorToString(result); |
343 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 346 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
344 error_string.c_str()); | 347 error_string.c_str()); |
345 DLOG(WARNING) << error_details_; | 348 DLOG(WARNING) << error_details_; |
346 } | 349 } |
347 | 350 |
348 // Exit DoLoop and return the result to the caller to VerifyProof. | 351 // Exit DoLoop and return the result to the caller to VerifyProof. |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
465 } | 468 } |
466 return status; | 469 return status; |
467 } | 470 } |
468 | 471 |
469 void ProofVerifierChromium::OnJobComplete(Job* job) { | 472 void ProofVerifierChromium::OnJobComplete(Job* job) { |
470 active_jobs_.erase(job); | 473 active_jobs_.erase(job); |
471 delete job; | 474 delete job; |
472 } | 475 } |
473 | 476 |
474 } // namespace net | 477 } // namespace net |
OLD | NEW |