| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 1538 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1549 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1549 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1550 } | 1550 } |
| 1551 } | 1551 } |
| 1552 ct_verify_result_.cert_policy_compliance = | 1552 ct_verify_result_.cert_policy_compliance = |
| 1553 policy_enforcer_->DoesConformToCertPolicy( | 1553 policy_enforcer_->DoesConformToCertPolicy( |
| 1554 server_cert_verify_result_.verified_cert.get(), verified_scts, | 1554 server_cert_verify_result_.verified_cert.get(), verified_scts, |
| 1555 net_log_); | 1555 net_log_); |
| 1556 | 1556 |
| 1557 if (ct_verify_result_.cert_policy_compliance != | 1557 if (ct_verify_result_.cert_policy_compliance != |
| 1558 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && | 1558 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && |
| 1559 ct_verify_result_.cert_policy_compliance != |
| 1560 ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && |
| 1559 transport_security_state_->ShouldRequireCT( | 1561 transport_security_state_->ShouldRequireCT( |
| 1560 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), | 1562 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), |
| 1561 server_cert_verify_result_.public_key_hashes)) { | 1563 server_cert_verify_result_.public_key_hashes)) { |
| 1562 server_cert_verify_result_.cert_status |= | 1564 server_cert_verify_result_.cert_status |= |
| 1563 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1565 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1564 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1566 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1565 } | 1567 } |
| 1566 | 1568 |
| 1567 return OK; | 1569 return OK; |
| 1568 } | 1570 } |
| (...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1998 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2000 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 1999 !certificate_requested_) { | 2001 !certificate_requested_) { |
| 2000 net_error = ERR_SSL_PROTOCOL_ERROR; | 2002 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2001 } | 2003 } |
| 2002 } | 2004 } |
| 2003 | 2005 |
| 2004 return net_error; | 2006 return net_error; |
| 2005 } | 2007 } |
| 2006 | 2008 |
| 2007 } // namespace net | 2009 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2495583002:
Defang the CT Timebomb (Closed)
