Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(221)

Side by Side Diff: net/cert/cert_verify_proc_nss.cc

Issue 2499083003: Mac EV verification using Chrome methods rather than OS methods. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc_mac.cc ('k') | net/cert/ev_root_ca_metadata.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_nss.h" 5 #include "net/cert/cert_verify_proc_nss.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <prerror.h> 9 #include <prerror.h>
10 #include <secerr.h> 10 #include <secerr.h>
(...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after
275 if (cert_list) { 275 if (cert_list) {
276 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); 276 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
277 !CERT_LIST_END(node, cert_list); 277 !CERT_LIST_END(node, cert_list);
278 node = CERT_LIST_NEXT(node)) { 278 node = CERT_LIST_NEXT(node)) {
279 certs.push_back(node->cert); 279 certs.push_back(node->cert);
280 } 280 }
281 } 281 }
282 if (root) 282 if (root)
283 certs.push_back(root); 283 certs.push_back(root);
284 284
285 // error is set to true if any errors are found. It causes such chains to be 285 // Set to true if any errors are found, which will cause such chains to not be
286 // considered as not covered. 286 // treated as covered by the CRLSet.
287 bool error = false; 287 bool error = false;
288 // last_covered is set to the coverage state of the previous certificate. The 288 // Set to the coverage state of the previous certificate. As the certificates
289 // certificates are iterated over backwards thus, after the iteration, 289 // are iterated over from root to leaf, at the end of the iteration, this
290 // |last_covered| contains the coverage state of the leaf certificate. 290 // indicates the coverage state of the leaf certificate.
291 bool last_covered = false; 291 bool last_covered = false;
292 292
293 // We iterate from the root certificate down to the leaf, keeping track of 293 // We iterate from the root certificate down to the leaf, keeping track of
294 // the issuer's SPKI at each step. 294 // the issuer's SPKI at each step.
295 std::string issuer_spki_hash; 295 std::string issuer_spki_hash;
296 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin(); 296 for (std::vector<CERTCertificate*>::reverse_iterator i = certs.rbegin();
297 i != certs.rend(); ++i) { 297 i != certs.rend(); ++i) {
298 CERTCertificate* cert = *i; 298 CERTCertificate* cert = *i;
299 299
300 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data), 300 base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data),
(...skipping 682 matching lines...) Expand 10 before | Expand all | Expand 10 after
983 CRLSet* crl_set, 983 CRLSet* crl_set,
984 const CertificateList& additional_trust_anchors, 984 const CertificateList& additional_trust_anchors,
985 CertVerifyResult* verify_result) { 985 CertVerifyResult* verify_result) {
986 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, 986 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set,
987 additional_trust_anchors, 987 additional_trust_anchors,
988 NULL, // chain_verify_callback 988 NULL, // chain_verify_callback
989 verify_result); 989 verify_result);
990 } 990 }
991 991
992 } // namespace net 992 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_mac.cc ('k') | net/cert/ev_root_ca_metadata.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698