Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Side by Side Diff: net/cert/x509_util_mac.cc

Issue 2373533003: Mac: Use SecPolicyCreateSSL instead of CreatePolicy(&CSSMOID_APPLE_TP_SSL, ...) (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_util_mac.h" 5 #include "net/cert/x509_util_mac.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/mac/mac_util.h" 8 #include "base/mac/mac_util.h"
9 #include "base/mac/scoped_cftyperef.h"
10 #include "base/strings/sys_string_conversions.h"
9 #include "third_party/apple_apsl/cssmapplePriv.h" 11 #include "third_party/apple_apsl/cssmapplePriv.h"
10 12
11 namespace net { 13 namespace net {
12 14
13 // CSSM functions are deprecated as of OSX 10.7, but have no replacement. 15 // CSSM functions are deprecated as of OSX 10.7, but have no replacement.
14 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1 16 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1
15 #pragma clang diagnostic push 17 #pragma clang diagnostic push
16 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 18 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
17 19
18 namespace x509_util { 20 namespace x509_util {
(...skipping 26 matching lines...) Expand all
45 return err; 47 return err;
46 } 48 }
47 } 49 }
48 return noErr; 50 return noErr;
49 } 51 }
50 52
51 } // namespace 53 } // namespace
52 54
53 55
54 OSStatus CreateSSLClientPolicy(SecPolicyRef* policy) { 56 OSStatus CreateSSLClientPolicy(SecPolicyRef* policy) {
55 CSSM_APPLE_TP_SSL_OPTIONS tp_ssl_options; 57 *policy = SecPolicyCreateSSL(false /* server */, nullptr);
56 memset(&tp_ssl_options, 0, sizeof(tp_ssl_options)); 58 // XXX check *policy is not null?
57 tp_ssl_options.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION; 59 return noErr;
Ryan Sleevi 2016/09/27 22:04:42 ERR_NOT_IMPLEMENTED / errSecNoPolicyModule
mattm 2016/09/27 23:39:22 Done.
58 tp_ssl_options.Flags |= CSSM_APPLE_TP_SSL_CLIENT;
59
60 return CreatePolicy(&CSSMOID_APPLE_TP_SSL, &tp_ssl_options,
61 sizeof(tp_ssl_options), policy);
62 } 60 }
63 61
64 OSStatus CreateSSLServerPolicy(const std::string& hostname, 62 OSStatus CreateSSLServerPolicy(const std::string& hostname,
65 SecPolicyRef* policy) { 63 SecPolicyRef* policy) {
64 base::ScopedCFTypeRef<CFStringRef> hostname_cfstring;
Ryan Sleevi 2016/09/27 22:04:42 hostname_cfstring feels a little weird (naming), i
mattm 2016/09/27 23:39:22 I suppose an argument could be made about variable
66 if (!hostname.empty()) { 65 if (!hostname.empty()) {
67 CSSM_APPLE_TP_SSL_OPTIONS tp_ssl_options; 66 hostname_cfstring.reset(base::SysUTF8ToCFStringRef(hostname));
68 memset(&tp_ssl_options, 0, sizeof(tp_ssl_options)); 67 if (!hostname_cfstring) {
69 tp_ssl_options.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION; 68 // XXX better error code?
Ryan Sleevi 2016/09/27 22:04:42 ERR_NOT_IMPLEMENTED / errSecNoPolicyModule
mattm 2016/09/27 23:39:22 Done.
70 tp_ssl_options.ServerName = hostname.data(); 69 return errSecParam;
71 tp_ssl_options.ServerNameLen = hostname.size(); 70 }
72
73 return CreatePolicy(&CSSMOID_APPLE_TP_SSL, &tp_ssl_options,
74 sizeof(tp_ssl_options), policy);
75 } 71 }
76 72
77 return CreatePolicy(&CSSMOID_APPLE_TP_SSL, nullptr, 0U, policy); 73 *policy = SecPolicyCreateSSL(true /* server */, hostname_cfstring.get());
74 // XXX check *policy is not null?
75 return noErr;
78 } 76 }
79 77
80 OSStatus CreateBasicX509Policy(SecPolicyRef* policy) { 78 OSStatus CreateBasicX509Policy(SecPolicyRef* policy) {
81 return CreatePolicy(&CSSMOID_APPLE_X509_BASIC, NULL, 0, policy); 79 return CreatePolicy(&CSSMOID_APPLE_X509_BASIC, NULL, 0, policy);
Ryan Sleevi 2016/09/27 22:04:42 For safety, we can probably replace this with http
mattm 2016/09/27 23:39:22 Done.
82 } 80 }
83 81
84 OSStatus CreateRevocationPolicies(bool enable_revocation_checking, 82 OSStatus CreateRevocationPolicies(bool enable_revocation_checking,
85 bool enable_ev_checking, 83 bool enable_ev_checking,
86 CFMutableArrayRef policies) { 84 CFMutableArrayRef policies) {
87 OSStatus status = noErr; 85 OSStatus status = noErr;
88 86
89 // In order to bypass the system revocation checking settings, the 87 // In order to bypass the system revocation checking settings, the
90 // SecTrustRef must have at least one revocation policy associated with it. 88 // SecTrustRef must have at least one revocation policy associated with it.
91 // Since it is not known prior to verification whether the Apple TP will 89 // Since it is not known prior to verification whether the Apple TP will
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
234 CSSM_CL_CertAbortQuery(cl_handle_, results_handle); 232 CSSM_CL_CertAbortQuery(cl_handle_, results_handle);
235 field->Reset(cl_handle_, oid, field_ptr); 233 field->Reset(cl_handle_, oid, field_ptr);
236 return CSSM_OK; 234 return CSSM_OK;
237 } 235 }
238 236
239 } // namespace x509_util 237 } // namespace x509_util
240 238
241 #pragma clang diagnostic pop // "-Wdeprecated-declarations" 239 #pragma clang diagnostic pop // "-Wdeprecated-declarations"
242 240
243 } // namespace net 241 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698