| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 330 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 | 341 |
| 342 if ((result == OK || | 342 if ((result == OK || |
| 343 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 343 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 344 !transport_security_state_->CheckPublicKeyPins( | 344 !transport_security_state_->CheckPublicKeyPins( |
| 345 HostPortPair(hostname_, port_), | 345 HostPortPair(hostname_, port_), |
| 346 cert_verify_result.is_issued_by_known_root, | 346 cert_verify_result.is_issued_by_known_root, |
| 347 cert_verify_result.public_key_hashes, cert_.get(), | 347 cert_verify_result.public_key_hashes, cert_.get(), |
| 348 cert_verify_result.verified_cert.get(), | 348 cert_verify_result.verified_cert.get(), |
| 349 TransportSecurityState::ENABLE_PIN_REPORTS, | 349 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 350 &verify_details_->pinning_failure_log)) { | 350 &verify_details_->pinning_failure_log)) { |
| 351 if (cert_verify_result.is_issued_by_known_root) | 351 if (cert_verify_result.is_issued_by_known_root) { |
| 352 verify_details_->cert_verify_result.cert_status |= |
| 353 CERT_STATUS_PINNED_KEY_MISSING; |
| 352 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 354 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 353 else | 355 } else { |
| 354 verify_details_->pkp_bypassed = true; | 356 verify_details_->pkp_bypassed = true; |
| 357 } |
| 355 } | 358 } |
| 356 | 359 |
| 357 if (result != OK) { | 360 if (result != OK) { |
| 358 std::string error_string = ErrorToString(result); | 361 std::string error_string = ErrorToString(result); |
| 359 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 362 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
| 360 error_string.c_str()); | 363 error_string.c_str()); |
| 361 DLOG(WARNING) << error_details_; | 364 DLOG(WARNING) << error_details_; |
| 362 } | 365 } |
| 363 | 366 |
| 364 // Exit DoLoop and return the result to the caller to VerifyProof. | 367 // Exit DoLoop and return the result to the caller to VerifyProof. |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 486 } | 489 } |
| 487 return status; | 490 return status; |
| 488 } | 491 } |
| 489 | 492 |
| 490 void ProofVerifierChromium::OnJobComplete(Job* job) { | 493 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 491 active_jobs_.erase(job); | 494 active_jobs_.erase(job); |
| 492 delete job; | 495 delete job; |
| 493 } | 496 } |
| 494 | 497 |
| 495 } // namespace net | 498 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2084783002:
Cleanup HPKP error handling and weak DH key handling (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer