| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <prerror.h> | 9 #include <prerror.h> |
| 10 #include <secerr.h> | 10 #include <secerr.h> |
| (...skipping 264 matching lines...) |
| 275 if (cert_list) { | 275 if (cert_list) { |
| 276 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 276 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 277 !CERT_LIST_END(node, cert_list); | 277 !CERT_LIST_END(node, cert_list); |
| 278 node = CERT_LIST_NEXT(node)) { | 278 node = CERT_LIST_NEXT(node)) { |
| 279 certs.push_back(node->cert); | 279 certs.push_back(node->cert); |
| 280 } | 280 } |
| 281 } | 281 } |
| 282 if (root) | 282 if (root) |
| 283 certs.push_back(root); | 283 certs.push_back(root); |
| 284 | 284 |
| 285 // error is set to true if any errors are found. It causes such chains to be | 285 // Set to true if any errors are found, which will cause such chains to not be |
| 286 // considered as not covered. | 286 // treated as covered by the CRLSet. |
| 287 bool error = false; | 287 bool error = false; |
| 288 // last_covered is set to the coverage state of the previous certificate. The | 288 // Set to the coverage state of the previous certificate. As the certificates |
| 289 // certificates are iterated over backwards thus, after the iteration, | 289 // are iterated over from root to leaf, at the end of the iteration, this |
| 290 // |last_covered| contains the coverage state of the leaf certificate. | 290 // indicates the coverage state of the leaf certificate. |
| 291 bool last_covered = false; | 291 bool last_covered = false; |
| 292 | 292 |
| 293 // We iterate from the root certificate down to the leaf, keeping track of | 293 // We iterate from the root certificate down to the leaf, keeping track of |
| 294 // the issuer's SPKI at each step. | 294 // the issuer's SPKI at each step. |
| 295 std::string issuer_spki_hash; | 295 std::string issuer_spki_hash; |
| 296 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin(); | 296 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin(); |
| 297 i != certs.rend(); ++i) { | 297 i != certs.rend(); ++i) { |
| 298 CERTCertificate* cert = *i; | 298 CERTCertificate* cert = *i; |
| 299 | 299 |
| 300 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data), | 300 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data), |
| (...skipping 682 matching lines...) |
| 983 CRLSet* crl_set, | 983 CRLSet* crl_set, |
| 984 const CertificateList& additional_trust_anchors, | 984 const CertificateList& additional_trust_anchors, |
| 985 CertVerifyResult* verify_result) { | 985 CertVerifyResult* verify_result) { |
| 986 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, | 986 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, |
| 987 additional_trust_anchors, | 987 additional_trust_anchors, |
| 988 NULL, // chain_verify_callback | 988 NULL, // chain_verify_callback |
| 989 verify_result); | 989 verify_result); |
| 990 } | 990 } |
| 991 | 991 |
| 992 } // namespace net | 992 } // namespace net |
| OLD | NEW |
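Review bot: The reworded comment on `error` (new lines 285-286) states what the flag does but not why failing towards "not covered" is the safe direction. The enclosing function's signature and return statements are in the skipped rows, so this cannot be confirmed from the page, but the wording suggests a covered chain lets the caller rely on the CRLSet for revocation status. If so, the comment should say it, for example `// Set to true if any errors are found. Such chains are reported as not covered by the CRLSet, so a processing error is never read as "checked and not revoked".` As a minor wording point, "to not be treated" reads better as "not to be treated".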