| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 777 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 788 ssl_info->is_issued_by_known_root = | 788 ssl_info->is_issued_by_known_root = |
| 789 server_cert_verify_result_.is_issued_by_known_root; | 789 server_cert_verify_result_.is_issued_by_known_root; |
| 790 ssl_info->pkp_bypassed = pkp_bypassed_; | 790 ssl_info->pkp_bypassed = pkp_bypassed_; |
| 791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
| 792 ssl_info->client_cert_sent = | 792 ssl_info->client_cert_sent = |
| 793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 794 ssl_info->channel_id_sent = channel_id_sent_; | 794 ssl_info->channel_id_sent = channel_id_sent_; |
| 795 ssl_info->token_binding_negotiated = tb_was_negotiated_; | 795 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| 796 ssl_info->token_binding_key_param = tb_negotiated_param_; | 796 ssl_info->token_binding_key_param = tb_negotiated_param_; |
| 797 ssl_info->pinning_failure_log = pinning_failure_log_; | 797 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 798 ssl_info->ocsp = server_cert_verify_result_.ocsp; |
| 798 | 799 |
| 799 AddCTInfoToSSLInfo(ssl_info); | 800 AddCTInfoToSSLInfo(ssl_info); |
| 800 | 801 |
| 801 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 802 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 802 CHECK(cipher); | 803 CHECK(cipher); |
| 803 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 804 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 804 ssl_info->key_exchange_info = | 805 ssl_info->key_exchange_info = |
| 805 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 806 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); |
| 806 | 807 |
| 807 SSLConnectionStatusSetCipherSuite( | 808 SSLConnectionStatusSetCipherSuite( |
| (...skipping 469 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1277 } | 1278 } |
| 1278 CertStatus cert_status; | 1279 CertStatus cert_status; |
| 1279 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | 1280 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { |
| 1280 server_cert_verify_result_.Reset(); | 1281 server_cert_verify_result_.Reset(); |
| 1281 server_cert_verify_result_.cert_status = cert_status; | 1282 server_cert_verify_result_.cert_status = cert_status; |
| 1282 server_cert_verify_result_.verified_cert = server_cert_; | 1283 server_cert_verify_result_.verified_cert = server_cert_; |
| 1283 return OK; | 1284 return OK; |
| 1284 } | 1285 } |
| 1285 | 1286 |
| 1286 std::string ocsp_response; | 1287 std::string ocsp_response; |
| 1287 if (cert_verifier_->SupportsOCSPStapling()) { | 1288 const uint8_t* ocsp_response_raw; |
| 1288 const uint8_t* ocsp_response_raw; | 1289 size_t ocsp_response_len; |
| 1289 size_t ocsp_response_len; | 1290 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); |
| 1290 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | 1291 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw), |
| 1291 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw), | 1292 ocsp_response_len); |
| 1292 ocsp_response_len); | |
| 1293 } | |
| 1294 | 1293 |
| 1295 start_cert_verification_time_ = base::TimeTicks::Now(); | 1294 start_cert_verification_time_ = base::TimeTicks::Now(); |
| 1296 | 1295 |
| 1297 return cert_verifier_->Verify( | 1296 return cert_verifier_->Verify( |
| 1298 CertVerifier::RequestParams(server_cert_, host_and_port_.host(), | 1297 CertVerifier::RequestParams(server_cert_, host_and_port_.host(), |
| 1299 ssl_config_.GetCertVerifyFlags(), | 1298 ssl_config_.GetCertVerifyFlags(), |
| 1300 ocsp_response, CertificateList()), | 1299 ocsp_response, CertificateList()), |
| 1301 // TODO(davidben): Route the CRLSet through SSLConfig so | 1300 // TODO(davidben): Route the CRLSet through SSLConfig so |
| 1302 // SSLClientSocket doesn't depend on SSLConfigService. | 1301 // SSLClientSocket doesn't depend on SSLConfigService. |
| 1303 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, | 1302 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| (...skipping 1013 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2317 if (rv != OK) { | 2316 if (rv != OK) { |
| 2318 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2317 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 2319 return; | 2318 return; |
| 2320 } | 2319 } |
| 2321 | 2320 |
| 2322 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2321 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| 2323 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2322 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 2324 } | 2323 } |
| 2325 | 2324 |
| 2326 } // namespace net | 2325 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2100303002:
Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check