Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(384)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_util_mac.cc

Issue 2373653003: Revert of Hack for AIA fetching on Mac Sierra: On >=10.12, always do FETCH_CRL_FROM_NET if adding a crl polic… (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_util_mac.h" 5 #include "net/cert/x509_util_mac.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/mac/mac_util.h"
9 #include "third_party/apple_apsl/cssmapplePriv.h" 8 #include "third_party/apple_apsl/cssmapplePriv.h"
10 9
11 namespace net { 10 namespace net {
12 11
13 // CSSM functions are deprecated as of OSX 10.7, but have no replacement. 12 // CSSM functions are deprecated as of OSX 10.7, but have no replacement.
14 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1 13 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1
15 #pragma clang diagnostic push 14 #pragma clang diagnostic push
16 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 15 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
17 16
18 namespace x509_util { 17 namespace x509_util {
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
94 // that the leaf is EV, then the default CRL policy will effectively no-op. 93 // that the leaf is EV, then the default CRL policy will effectively no-op.
95 // This behaviour is used to implement EV-only revocation checking. 94 // This behaviour is used to implement EV-only revocation checking.
96 if (enable_ev_checking || enable_revocation_checking) { 95 if (enable_ev_checking || enable_revocation_checking) {
97 CSSM_APPLE_TP_CRL_OPTIONS tp_crl_options; 96 CSSM_APPLE_TP_CRL_OPTIONS tp_crl_options;
98 memset(&tp_crl_options, 0, sizeof(tp_crl_options)); 97 memset(&tp_crl_options, 0, sizeof(tp_crl_options));
99 tp_crl_options.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; 98 tp_crl_options.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION;
100 // Only allow network CRL fetches if the caller explicitly requests 99 // Only allow network CRL fetches if the caller explicitly requests
101 // online revocation checking. Note that, as of OS X 10.7.2, the system 100 // online revocation checking. Note that, as of OS X 10.7.2, the system
102 // will set force this flag on according to system policies, so 101 // will set force this flag on according to system policies, so
103 // online revocation checks cannot be completely disabled. 102 // online revocation checks cannot be completely disabled.
104 // Starting with OS X 10.12, if a CRL policy is added without the 103 if (enable_revocation_checking)
105 // FETCH_CRL_FROM_NET flag, AIA fetching is disabled.
106 if (enable_revocation_checking || base::mac::IsAtLeastOS10_12())
107 tp_crl_options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET; 104 tp_crl_options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET;
108 105
109 SecPolicyRef crl_policy; 106 SecPolicyRef crl_policy;
110 status = CreatePolicy(&CSSMOID_APPLE_TP_REVOCATION_CRL, &tp_crl_options, 107 status = CreatePolicy(&CSSMOID_APPLE_TP_REVOCATION_CRL, &tp_crl_options,
111 sizeof(tp_crl_options), &crl_policy); 108 sizeof(tp_crl_options), &crl_policy);
112 if (status) 109 if (status)
113 return status; 110 return status;
114 CFArrayAppendValue(policies, crl_policy); 111 CFArrayAppendValue(policies, crl_policy);
115 CFRelease(crl_policy); 112 CFRelease(crl_policy);
116 } 113 }
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
232 CSSM_CL_CertAbortQuery(cl_handle_, results_handle); 229 CSSM_CL_CertAbortQuery(cl_handle_, results_handle);
233 field->Reset(cl_handle_, oid, field_ptr); 230 field->Reset(cl_handle_, oid, field_ptr);
234 return CSSM_OK; 231 return CSSM_OK;
235 } 232 }
236 233
237 } // namespace x509_util 234 } // namespace x509_util
238 235
239 #pragma clang diagnostic pop // "-Wdeprecated-declarations" 236 #pragma clang diagnostic pop // "-Wdeprecated-declarations"
240 237
241 } // namespace net 238 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698