| Index: net/cert/multi_log_ct_verifier.cc
|
| diff --git a/net/cert/multi_log_ct_verifier.cc b/net/cert/multi_log_ct_verifier.cc
|
| index d3ff7375a9c8292b1c6c60d3dcb6eed09b0b65d6..8c15f9a3c11e3c9199d344de81b135b49dfc8342 100644
|
| --- a/net/cert/multi_log_ct_verifier.cc
|
| +++ b/net/cert/multi_log_ct_verifier.cc
|
| @@ -5,6 +5,7 @@
|
| #include "net/cert/multi_log_ct_verifier.h"
|
|
|
| #include <vector>
|
| +#include <utility>
|
|
|
| #include "base/bind.h"
|
| #include "base/callback_helpers.h"
|
| @@ -197,19 +198,23 @@ bool MultiLogCTVerifier::VerifySingleSCT(
|
| }
|
|
|
| sct->log_description = it->second->description();
|
| + ct::SCTVerifyStatus sct_status = ct::SCT_STATUS_NONE;
|
|
|
| if (!it->second->Verify(expected_entry, *sct.get())) {
|
| DVLOG(1) << "Unable to verify SCT signature.";
|
| - result->invalid_scts.push_back(sct);
|
| - LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
|
| - return false;
|
| + sct_status = ct::SCT_STATUS_INVALID_SIGNATURE;
|
| }
|
|
|
| // SCT verified ok, just make sure the timestamp is legitimate.
|
| if (sct->timestamp > base::Time::Now()) {
|
| DVLOG(1) << "SCT is from the future!";
|
| - result->invalid_scts.push_back(sct);
|
| - LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
|
| + sct_status = ct::SCT_STATUS_INVALID_TIMESTAMP;
|
| + }
|
| +
|
| + if (sct_status == ct::SCT_STATUS_INVALID_TIMESTAMP ||
|
| + sct_status == ct::SCT_STATUS_INVALID_SIGNATURE) {
|
| + result->invalid_scts.push_back(std::make_pair(sct, sct_status));
|
| + LogSCTStatusToUMA(sct_status);
|
| return false;
|
| }
|
|
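Review bot: The timestamp check now also runs after `Verify()` has failed, so an SCT with a bad signature and a future timestamp is recorded as `ct::SCT_STATUS_INVALID_TIMESTAMP`, overwriting `ct::SCT_STATUS_INVALID_SIGNATURE`. The timestamp of an SCT whose signature did not verify is unauthenticated, so the signature failure is the status that should reach `invalid_scts` and UMA. Guarding the second check as `if (sct_status == ct::SCT_STATUS_NONE && sct->timestamp > base::Time::Now()) {` keeps it. That guard also makes the existing comment `// SCT verified ok, just make sure the timestamp is legitimate.` true again, which it is not on the new fall-through path. VerifySingleSCT starts before this hunk and continues after it, so the success path is not visible here.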
|
|
|