
Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2040513003: Implement Expect-Staple (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move OCSP into cert_verify_proc Created 4 years, 6 months ago
Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 01acc54ffcfe0c1d2f14381263c74147f1adf978..d72c462d9544a288850c02c9e46c058940384cde 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -797,6 +797,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->pinning_failure_log = pinning_failure_log_;
AddCTInfoToSSLInfo(ssl_info);
+ ssl_info->ocsp = server_cert_verify_result_.ocsp;
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
CHECK(cipher);
@@ -1357,6 +1358,8 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
// the connection.
VerifyCT();
+ ReportOCSP();
+
DCHECK(!certificate_verified_);
certificate_verified_ = true;
MaybeCacheSession();
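Review bot: The new `ReportOCSP()` call in DoVerifyCertComplete sits beside `VerifyCT()`, but the condition guarding this stretch is outside the hunk, so it is not visible whether the call runs only when `result == OK`. ReportOCSP dereferences `server_cert_verify_result_.verified_cert`, and evaluating Expect-Staple for a chain that failed verification would presumably produce reports about a certificate the client never accepted. The success-only precondition should be stated at the call site, for example `// Only evaluate Expect-Staple for a chain that verified successfully.` The function body starts and ends outside the hunk.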
@@ -1438,6 +1441,13 @@ void SSLClientSocketImpl::VerifyCT() {
ct_verify_result_.verified_scts, net_log_);
}
+void SSLClientSocketImpl::ReportOCSP() {
+ transport_security_state_->CheckExpectStaple(
+ host_and_port_, *server_cert_verify_result_.verified_cert, *server_cert_,
+ server_cert_verify_result_.is_issued_by_known_root,
+ server_cert_verify_result_.ocsp);
+}
+
void SSLClientSocketImpl::OnHandshakeIOComplete(int result) {
int rv = DoHandshakeLoop(result);
if (rv != ERR_IO_PENDING) {
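Review bot: `ReportOCSP()` dereferences `transport_security_state_`, `server_cert_verify_result_.verified_cert` and `server_cert_` with no check in the visible lines. If any of them can be null on this path (for instance a socket configured without a TransportSecurityState, which the hunk does not let me confirm), that is a crash in the handshake path. I would add an early `if (!transport_security_state_) return;` followed by `DCHECK(server_cert_verify_result_.verified_cert);` and `DCHECK(server_cert_);`. The name says "report" while the body calls `CheckExpectStaple`, so a header comment such as `// Evaluates the Expect-Staple policy for this host against the OCSP result from certificate verification.` would make the side effect clear.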
