| Index: net/cert/cert_verify_proc_ios.cc
|
| diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc
|
| index 05276b308cfd9feabddaa29258f7423903750561..6a964692480a100594e78d9a7e010f27a906bc68 100644
|
| --- a/net/cert/cert_verify_proc_ios.cc
|
| +++ b/net/cert/cert_verify_proc_ios.cc
|
| @@ -13,6 +13,7 @@
|
| #include "net/base/net_errors.h"
|
| #include "net/cert/asn1_util.h"
|
| #include "net/cert/cert_verify_result.h"
|
| +#include "net/cert/sec_trust_util.h"
|
| #include "net/cert/test_root_certs.h"
|
| #include "net/cert/x509_certificate.h"
|
| #include "net/ssl/openssl_ssl_util.h"
|
| @@ -172,62 +173,6 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
|
| X509Certificate::CreateFromHandle(verified_cert, verified_chain);
|
| }
|
|
|
| -// The iOS APIs don't expose an API-stable set of reasons for certificate
|
| -// validation failures. However, internally, the reason is tracked, and it's
|
| -// converted to user-facing localized strings.
|
| -//
|
| -// In the absence of a consistent API, convert the English strings to their
|
| -// localized counterpart, and then compare that with the error properties. If
|
| -// they're equal, it's a strong sign that this was the cause for the error.
|
| -// While this will break if/when iOS changes the contents of these strings,
|
| -// it's sufficient enough for now.
|
| -//
|
| -// TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
|
| -// possible.
|
| -CertStatus GetFailureFromTrustProperties(CFArrayRef properties) {
|
| - CertStatus reason = 0;
|
| -
|
| - if (!properties)
|
| - return CERT_STATUS_INVALID;
|
| -
|
| - const CFIndex properties_length = CFArrayGetCount(properties);
|
| - if (properties_length == 0)
|
| - return CERT_STATUS_INVALID;
|
| -
|
| - CFBundleRef bundle =
|
| - CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
|
| - CFStringRef date_string =
|
| - CFSTR("One or more certificates have expired or are not valid yet.");
|
| - ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
|
| - bundle, date_string, date_string, CFSTR("SecCertificate")));
|
| - CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
|
| - ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
|
| - bundle, trust_string, trust_string, CFSTR("SecCertificate")));
|
| - CFStringRef weak_string =
|
| - CFSTR("One or more certificates is using a weak key size.");
|
| - ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
|
| - bundle, weak_string, weak_string, CFSTR("SecCertificate")));
|
| -
|
| - for (CFIndex i = 0; i < properties_length; ++i) {
|
| - CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
|
| - const_cast<void*>(CFArrayGetValueAtIndex(properties, i)));
|
| - CFStringRef error = reinterpret_cast<CFStringRef>(
|
| - const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
|
| -
|
| - if (CFEqual(error, date_error)) {
|
| - reason |= CERT_STATUS_DATE_INVALID;
|
| - } else if (CFEqual(error, trust_error)) {
|
| - reason |= CERT_STATUS_AUTHORITY_INVALID;
|
| - } else if (CFEqual(error, weak_error)) {
|
| - reason |= CERT_STATUS_WEAK_KEY;
|
| - } else {
|
| - reason |= CERT_STATUS_INVALID;
|
| - }
|
| - }
|
| -
|
| - return reason;
|
| -}
|
| -
|
| } // namespace
|
|
|
| CertVerifyProcIOS::CertVerifyProcIOS() {}
|
| @@ -278,8 +223,7 @@ int CertVerifyProcIOS::VerifyInternal(
|
| verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
|
| break;
|
| default:
|
| - ScopedCFTypeRef<CFArrayRef> properties(SecTrustCopyProperties(trust_ref));
|
| - verify_result->cert_status |= GetFailureFromTrustProperties(properties);
|
| + verify_result->cert_status |= GetCertFailureStatusFromTrust(trust_ref);
|
| }
|
|
|
| GetCertChainInfo(final_chain, verify_result);
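Review bot: The `default:` branch now relies entirely on `GetCertFailureStatusFromTrust(trust_ref)` returning at least one error bit, and nothing at the call site enforces that. The removed `GetFailureFromTrustProperties` returned `CERT_STATUS_INVALID` for null or empty properties and for any unmatched string, so it always failed closed. The helper is declared in `net/cert/sec_trust_util.h`, which this page does not show, so whether it keeps that guarantee cannot be confirmed here. If it can return 0, a trust result that iOS did not accept would leave `cert_status` without an error flag; consider `CertStatus status = GetCertFailureStatusFromTrust(trust_ref);` then `if (!IsCertStatusError(status)) status = CERT_STATUS_INVALID;` before OR-ing it in, or a comment stating the helper's never-zero contract. The enclosing switch and the body of `VerifyInternal` start outside this hunk.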
|
|
|