Chromium Code Reviews Chromium Code Reviews
Issue 2282183004:
Add error information to VerifyCertificateChain(). (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <unordered_set> | 8 #include <unordered_set> |
| 9 | 9 |
| 10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
| (...skipping 617 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 628 base::ResetAndReturn(&callback_).Run(); | 628 base::ResetAndReturn(&callback_).Run(); |
| 629 } | 629 } |
| 630 | 630 |
| 631 CompletionStatus CertPathBuilder::DoGetNextPathComplete() { | 631 CompletionStatus CertPathBuilder::DoGetNextPathComplete() { |
| 632 if (next_path_.IsEmpty()) { | 632 if (next_path_.IsEmpty()) { |
| 633 // No more paths to check, signal completion. | 633 // No more paths to check, signal completion. |
| 634 next_state_ = STATE_NONE; | 634 next_state_ = STATE_NONE; |
| 635 return CompletionStatus::SYNC; | 635 return CompletionStatus::SYNC; |
| 636 } | 636 } |
| 637 | 637 |
| 638 // TODO(crbug.com/634443): Expose CertErrors on ResultPath. | |
|
mattm
2016/08/29 22:15:11
I guess there would also be a CertErrors on the Re
eroman
2016/08/29 22:55:18
Yes, I expect so.
(This TODO was specifically abo
| |
| 639 CertErrors errors; | |
| 638 bool verify_result = | 640 bool verify_result = |
| 639 next_path_.trust_anchor.get() && | 641 next_path_.trust_anchor.get() && |
| 640 VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(), | 642 VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(), |
| 641 signature_policy_, time_); | 643 signature_policy_, time_, &errors); |
| 642 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " | 644 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " |
| 643 << verify_result; | 645 << verify_result; |
| 644 AddResultPath(next_path_, verify_result); | 646 AddResultPath(next_path_, verify_result); |
| 645 | 647 |
| 646 if (verify_result) { | 648 if (verify_result) { |
| 647 // Found a valid path, return immediately. | 649 // Found a valid path, return immediately. |
| 648 // TODO(mattm): add debug/test mode that tries all possible paths. | 650 // TODO(mattm): add debug/test mode that tries all possible paths. |
| 649 next_state_ = STATE_NONE; | 651 next_state_ = STATE_NONE; |
| 650 return CompletionStatus::SYNC; | 652 return CompletionStatus::SYNC; |
| 651 } | 653 } |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 663 result_path->error = is_success ? OK : ERR_CERT_AUTHORITY_INVALID; | 665 result_path->error = is_success ? OK : ERR_CERT_AUTHORITY_INVALID; |
| 664 // TODO(mattm): set best_result_index based on number or severity of errors. | 666 // TODO(mattm): set best_result_index based on number or severity of errors. |
| 665 if (result_path->error == OK) | 667 if (result_path->error == OK) |
| 666 out_result_->best_result_index = out_result_->paths.size(); | 668 out_result_->best_result_index = out_result_->paths.size(); |
| 667 // TODO(mattm): add flag to only return a single path or all attempted paths? | 669 // TODO(mattm): add flag to only return a single path or all attempted paths? |
| 668 result_path->path = path; | 670 result_path->path = path; |
| 669 out_result_->paths.push_back(std::move(result_path)); | 671 out_result_->paths.push_back(std::move(result_path)); |
| 670 } | 672 } |
| 671 | 673 |
| 672 } // namespace net | 674 } // namespace net |
| OLD | NEW |
