Chromium Code Reviews Chromium Code Reviews
Issue 2292333002:
Add errors per ResultPath for CertPathBuilder. (Closed)
| Index: net/cert/internal/verify_certificate_chain.cc |
| diff --git a/net/cert/internal/verify_certificate_chain.cc b/net/cert/internal/verify_certificate_chain.cc |
| index 956c1736cbadcbb45f222e177ab1927a253e7515..9dee86a9556cce1ec82e9452d27004765d75ae0b 100644 |
| --- a/net/cert/internal/verify_certificate_chain.cc |
| +++ b/net/cert/internal/verify_certificate_chain.cc |
| @@ -455,7 +455,6 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs, |
| const SignaturePolicy* signature_policy, |
| const der::GeneralizedTime& time, |
| CertErrors* errors) { |
| - DCHECK(trust_anchor); |
| DCHECK(signature_policy); |
| DCHECK(errors); |
| @@ -465,6 +464,11 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs, |
| return false; |
| } |
| + if (!trust_anchor) { |
|
mattm
2016/08/31 19:49:49
does something hit this currently? or just to be m
eroman
2016/08/31 21:46:50
Good question, let me run a test to find out.
The
eroman
2016/08/31 21:55:37
Ran the tests -- nothing reaches this.
... which
eroman
2016/09/01 03:44:51
Done -- removed
|
| + errors->Add(kNullTrustAnchor); |
| + return false; |
| + } |
| + |
| // Will contain a NameConstraints for each previous cert in the chain which |
| // had nameConstraints. This corresponds to the permitted_subtrees and |
| // excluded_subtrees state variables from RFC 5280. |
| @@ -591,6 +595,7 @@ DEFINE_CERT_ERROR_TYPE(kValidityFailedNotBefore, "Time is before notBefore"); |
| DEFINE_CERT_ERROR_TYPE(kSignatureAlgorithmsDifferentEncoding, |
| "Certificate.signatureAlgorithm is encoded differently " |
| "than TBSCertificate.signature"); |
| +DEFINE_CERT_ERROR_TYPE(kNullTrustAnchor, "Missing trust anchor"); |
| } // verify_certificate_chain_errors |
