| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 791 ssl_info->is_issued_by_known_root = | 791 ssl_info->is_issued_by_known_root = |
| 792 server_cert_verify_result_.is_issued_by_known_root; | 792 server_cert_verify_result_.is_issued_by_known_root; |
| 793 ssl_info->pkp_bypassed = pkp_bypassed_; | 793 ssl_info->pkp_bypassed = pkp_bypassed_; |
| 794 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 794 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
| 795 ssl_info->client_cert_sent = | 795 ssl_info->client_cert_sent = |
| 796 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 796 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 797 ssl_info->channel_id_sent = channel_id_sent_; | 797 ssl_info->channel_id_sent = channel_id_sent_; |
| 798 ssl_info->token_binding_negotiated = tb_was_negotiated_; | 798 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| 799 ssl_info->token_binding_key_param = tb_negotiated_param_; | 799 ssl_info->token_binding_key_param = tb_negotiated_param_; |
| 800 ssl_info->pinning_failure_log = pinning_failure_log_; | 800 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 801 ssl_info->ocsp_result = server_cert_verify_result_.ocsp_result; |
| 801 | 802 |
| 802 AddCTInfoToSSLInfo(ssl_info); | 803 AddCTInfoToSSLInfo(ssl_info); |
| 803 | 804 |
| 804 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 805 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 805 CHECK(cipher); | 806 CHECK(cipher); |
| 806 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 807 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 807 ssl_info->key_exchange_info = | 808 ssl_info->key_exchange_info = |
| 808 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 809 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); |
| 809 | 810 |
| 810 SSLConnectionStatusSetCipherSuite( | 811 SSLConnectionStatusSetCipherSuite( |
| (...skipping 469 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1280 } | 1281 } |
| 1281 CertStatus cert_status; | 1282 CertStatus cert_status; |
| 1282 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | 1283 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { |
| 1283 server_cert_verify_result_.Reset(); | 1284 server_cert_verify_result_.Reset(); |
| 1284 server_cert_verify_result_.cert_status = cert_status; | 1285 server_cert_verify_result_.cert_status = cert_status; |
| 1285 server_cert_verify_result_.verified_cert = server_cert_; | 1286 server_cert_verify_result_.verified_cert = server_cert_; |
| 1286 return OK; | 1287 return OK; |
| 1287 } | 1288 } |
| 1288 | 1289 |
| 1289 std::string ocsp_response; | 1290 std::string ocsp_response; |
| 1290 if (cert_verifier_->SupportsOCSPStapling()) { | 1291 const uint8_t* ocsp_response_raw; |
| 1291 const uint8_t* ocsp_response_raw; | 1292 size_t ocsp_response_len; |
| 1292 size_t ocsp_response_len; | 1293 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); |
| 1293 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | 1294 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw), |
| 1294 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw), | 1295 ocsp_response_len); |
| 1295 ocsp_response_len); | |
| 1296 } | |
| 1297 | 1296 |
| 1298 start_cert_verification_time_ = base::TimeTicks::Now(); | 1297 start_cert_verification_time_ = base::TimeTicks::Now(); |
| 1299 | 1298 |
| 1300 return cert_verifier_->Verify( | 1299 return cert_verifier_->Verify( |
| 1301 CertVerifier::RequestParams(server_cert_, host_and_port_.host(), | 1300 CertVerifier::RequestParams(server_cert_, host_and_port_.host(), |
| 1302 ssl_config_.GetCertVerifyFlags(), | 1301 ssl_config_.GetCertVerifyFlags(), |
| 1303 ocsp_response, CertificateList()), | 1302 ocsp_response, CertificateList()), |
| 1304 // TODO(davidben): Route the CRLSet through SSLConfig so | 1303 // TODO(davidben): Route the CRLSet through SSLConfig so |
| 1305 // SSLClientSocket doesn't depend on SSLConfigService. | 1304 // SSLClientSocket doesn't depend on SSLConfigService. |
| 1306 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, | 1305 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| (...skipping 1016 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2323 if (rv != OK) { | 2322 if (rv != OK) { |
| 2324 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2323 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 2325 return; | 2324 return; |
| 2326 } | 2325 } |
| 2327 | 2326 |
| 2328 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2327 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| 2329 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2328 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 2330 } | 2329 } |
| 2331 | 2330 |
| 2332 } // namespace net | 2331 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2100303002:
Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check