
Side by Side Diff: net/third_party/nss/ssl/sslauth.c

Issue 25107004: Change SSL_PeerCertificateChain to return a CERTCertList. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Sync Created 7 years, 2 months ago
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 #include "cert.h" 4 #include "cert.h"
5 #include "secitem.h" 5 #include "secitem.h"
6 #include "ssl.h" 6 #include "ssl.h"
7 #include "sslimpl.h" 7 #include "sslimpl.h"
8 #include "sslproto.h" 8 #include "sslproto.h"
9 #include "pk11func.h" 9 #include "pk11func.h"
10 #include "ocsp.h" 10 #include "ocsp.h"
(...skipping 10 matching lines...) Expand all
21 SSL_GETPID(), fd)); 21 SSL_GETPID(), fd));
22 return 0; 22 return 0;
23 } 23 }
24 if (ss->opt.useSecurity && ss->sec.peerCert) { 24 if (ss->opt.useSecurity && ss->sec.peerCert) {
25 return CERT_DupCertificate(ss->sec.peerCert); 25 return CERT_DupCertificate(ss->sec.peerCert);
26 } 26 }
27 return 0; 27 return 0;
28 } 28 }
29 29
30 /* NEED LOCKS IN HERE. */ 30 /* NEED LOCKS IN HERE. */
31 SECStatus 31 CERTCertList *
32 SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs, 32 SSL_PeerCertificateChain(PRFileDesc *fd)
33 » » » unsigned int *numCerts, unsigned int maxNumCerts)
34 { 33 {
35 sslSocket *ss; 34 sslSocket *ss;
36 ssl3CertNode* cur; 35 CERTCertList *chain = NULL;
36 CERTCertificate *cert;
37 ssl3CertNode *cur;
37 38
38 ss = ssl_FindSocket(fd); 39 ss = ssl_FindSocket(fd);
39 if (!ss) { 40 if (!ss) {
40 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain", 41 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
41 SSL_GETPID(), fd)); 42 SSL_GETPID(), fd));
42 » return SECFailure; 43 » return NULL;
43 } 44 }
44 if (!ss->opt.useSecurity) 45 if (!ss->opt.useSecurity || !ss->sec.peerCert) {
45 » return SECFailure; 46 » PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
47 » return NULL;
48 }
49 chain = CERT_NewCertList();
50 if (!chain) {
51 » return NULL;
52 }
53 cert = CERT_DupCertificate(ss->sec.peerCert);
54 if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
55 » goto loser;
56 }
57 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
58 » cert = CERT_DupCertificate(cur->cert);
59 » if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
60 » goto loser;
61 » }
62 }
63 return chain;
46 64
47 if (ss->sec.peerCert == NULL) { 65 loser:
48 *numCerts = 0; 66 CERT_DestroyCertList(chain);
49 return SECSuccess; 67 return NULL;
50 }
51
52 *numCerts = 1; /* for the leaf certificate */
53 if (maxNumCerts > 0)
54 » certs[0] = CERT_DupCertificate(ss->sec.peerCert);
55
56 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
57 » if (*numCerts < maxNumCerts)
58 » certs[*numCerts] = CERT_DupCertificate(cur->cert);
59 » (*numCerts)++;
60 }
61
62 return SECSuccess;
63 } 68 }
64 69
65 /* NEED LOCKS IN HERE. */ 70 /* NEED LOCKS IN HERE. */
66 CERTCertificate * 71 CERTCertificate *
67 SSL_LocalCertificate(PRFileDesc *fd) 72 SSL_LocalCertificate(PRFileDesc *fd)
68 { 73 {
69 sslSocket *ss; 74 sslSocket *ss;
70 75
71 ss = ssl_FindSocket(fd); 76 ss = ssl_FindSocket(fd);
72 if (!ss) { 77 if (!ss) {
(...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after
323 hostname = ss->url; 328 hostname = ss->url;
324 if (hostname && hostname[0]) 329 if (hostname && hostname[0])
325 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); 330 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);
326 else 331 else
327 rv = SECFailure; 332 rv = SECFailure;
328 if (rv != SECSuccess) 333 if (rv != SECSuccess)
329 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); 334 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
330 335
331 return rv; 336 return rv;
332 } 337 }