Chromium Code Reviews Chromium Code Reviews
Issue 2120703003:
QUIC - Race Cert Verification with host resolution if certs are (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 221 // Note that this is a completely synchronous operation: The CT Log Verifier | 221 // Note that this is a completely synchronous operation: The CT Log Verifier |
| 222 // gets all the data it needs for SCT verification and does not do any | 222 // gets all the data it needs for SCT verification and does not do any |
| 223 // external communication. | 223 // external communication. |
| 224 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, | 224 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, |
| 225 &verify_details_->ct_verify_result, | 225 &verify_details_->ct_verify_result, |
| 226 net_log_); | 226 net_log_); |
| 227 } | 227 } |
| 228 | 228 |
| 229 // We call VerifySignature first to avoid copying of server_config and | 229 // We call VerifySignature first to avoid copying of server_config and |
| 230 // signature. | 230 // signature. |
| 231 if (!VerifySignature(server_config, quic_version, chlo_hash, signature, | 231 if (!signature.empty() && |
|
ramant (doing other things)
2016/07/06 15:27:18
Hi Ryan,
Is it better to pass "verify_cert_only"
Ryan Hamilton
2016/07/07 00:24:36
Yeah, I think being more explicit would be better.
ramant (doing other things)
2016/07/07 16:18:20
Added a new method.
| |
| 232 !VerifySignature(server_config, quic_version, chlo_hash, signature, | |
| 232 certs[0])) { | 233 certs[0])) { |
| 233 *error_details = "Failed to verify signature of server config"; | 234 *error_details = "Failed to verify signature of server config"; |
| 234 DLOG(WARNING) << *error_details; | 235 DLOG(WARNING) << *error_details; |
| 235 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 236 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 236 *verify_details = std::move(verify_details_); | 237 *verify_details = std::move(verify_details_); |
| 237 return QUIC_FAILURE; | 238 return QUIC_FAILURE; |
| 238 } | 239 } |
| 239 | 240 |
| 240 hostname_ = hostname; | 241 hostname_ = hostname; |
| 241 port_ = port; | 242 port_ = port; |
| (...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 510 } | 511 } |
| 511 return status; | 512 return status; |
| 512 } | 513 } |
| 513 | 514 |
| 514 void ProofVerifierChromium::OnJobComplete(Job* job) { | 515 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 515 active_jobs_.erase(job); | 516 active_jobs_.erase(job); |
| 516 delete job; | 517 delete job; |
| 517 } | 518 } |
| 518 | 519 |
| 519 } // namespace net | 520 } // namespace net |
| OLD | NEW |
