Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(31)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 21071: Add X509Certificate::Verify stubs for Mac and Linux.... (Closed)

Created:
11 years, 10 months ago by wtc
Modified:
9 years, 7 months ago
Reviewers:
eroman, abarth-chromium
CC:
chromium-reviews_googlegroups.com
Visibility:
Public.

Description

Add X509Certificate::Verify stubs for Mac and Linux. They do nothing but return ERR_NOT_IMPLEMENTED. In SSLClientSocketWin, call X509Certificate::CreateFromHandle only once and store the result in the server_cert_ member. Add the CertVerifyResult::Reset method to clear all members. R=eroman BUG=3592 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=9272

Patch Set 1 #

Patch Set 2 : '' #

Total comments: 6

Patch Set 3 : '' #

Patch Set 4 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+51 lines, -39 lines) Patch
M net/base/cert_verify_result.h View 1 2 1 chunk +11 lines, -4 lines 0 comments Download
M net/base/ssl_client_socket_win.h View 1 chunk +1 line, -1 line 0 comments Download
M net/base/ssl_client_socket_win.cc View 1 2 5 chunks +14 lines, -27 lines 0 comments Download
M net/base/x509_certificate.h View 1 chunk +6 lines, -0 lines 0 comments Download
M net/base/x509_certificate_mac.cc View 1 2 2 chunks +8 lines, -0 lines 0 comments Download
M net/base/x509_certificate_nss.cc View 1 2 2 chunks +8 lines, -0 lines 0 comments Download
M net/base/x509_certificate_win.cc View 1 2 2 chunks +3 lines, -7 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
wtc
eroman: please review the whole CL. abarth: you only need to review the comments I ...
11 years, 10 months ago (2009-02-05 01:59:14 UTC) #1
eroman
lgtm http://codereview.chromium.org/21071/diff/17/21 File net/base/cert_verify_result.h (right): http://codereview.chromium.org/21071/diff/17/21#newcode16 Line 16: has_md5_ca(false), has_md2_ca(false) { Maybe just call Reset() ...
11 years, 10 months ago (2009-02-05 03:11:32 UTC) #2
abarth-chromium
Yep. Those comments are right.
11 years, 10 months ago (2009-02-05 05:38:50 UTC) #3
wtc
Eric, I made all the changes you suggested. Please review the new patch set. http://codereview.chromium.org/21071/diff/17/20 ...
11 years, 10 months ago (2009-02-05 18:50:13 UTC) #4
wtc
11 years, 10 months ago (2009-02-05 18:55:39 UTC) #5 
http://codereview.chromium.org/21071/diff/17/20
File net/base/ssl_client_socket_win.cc (right):

http://codereview.chromium.org/21071/diff/17/20#newcode688
Line 688: return verifier_.Verify(server_cert_, hostname_,
On 2009/02/05 03:11:33, eroman wrote:
> Is there any danger in accessing a cert_handle from multiple threads?
> 
> This looks fine to me, but figured I should ask anyway since I don't know much
> about PCCERT_CONTEXT. For example Verify accesses cert_handle_->hCertStore, so
> thinking if it could be possible for hCertStore to be changing while Verify()
is
> reading it.

More thought: Since server_cert_ is now a
scoped_refptr<X509Certificate>, the cert verifier could
potentially access the X509Certificate object, rather
than just the OSCertHandle.

I wonder if we should eliminate that possibility by
passing the OSCertHandle instead to the cert verifier.
This would require changing X509Certificate::Verify to
be a static method that takes an OSCertHandle.

What do you think?  (If we're going to do this, I'd do
it in a follow-up CL.)

Powered by Google App Engine
This is Rietveld 408576698