Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(22)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslauth.c

Issue 25107004: Change SSL_PeerCertificateChain to return a CERTCertList. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Don't count the number of list nodes Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/third_party/nss/ssl/ssl.h ('K') | « net/third_party/nss/ssl/ssl.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 #include "cert.h" 4 #include "cert.h"
5 #include "secitem.h" 5 #include "secitem.h"
6 #include "ssl.h" 6 #include "ssl.h"
7 #include "sslimpl.h" 7 #include "sslimpl.h"
8 #include "sslproto.h" 8 #include "sslproto.h"
9 #include "pk11func.h" 9 #include "pk11func.h"
10 #include "ocsp.h" 10 #include "ocsp.h"
(...skipping 10 matching lines...) Expand all
21 SSL_GETPID(), fd)); 21 SSL_GETPID(), fd));
22 return 0; 22 return 0;
23 } 23 }
24 if (ss->opt.useSecurity && ss->sec.peerCert) { 24 if (ss->opt.useSecurity && ss->sec.peerCert) {
25 return CERT_DupCertificate(ss->sec.peerCert); 25 return CERT_DupCertificate(ss->sec.peerCert);
26 } 26 }
27 return 0; 27 return 0;
28 } 28 }
29 29
30 /* NEED LOCKS IN HERE. */ 30 /* NEED LOCKS IN HERE. */
31 SECStatus 31 CERTCertList *
32 SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs, 32 SSL_PeerCertificateChain(PRFileDesc *fd)
33 » » » unsigned int *numCerts, unsigned int maxNumCerts)
34 { 33 {
35 sslSocket *ss; 34 sslSocket *ss;
35 CERTCertList *chain = NULL;
36 ssl3CertNode* cur; 36 ssl3CertNode* cur;
37 37
38 ss = ssl_FindSocket(fd); 38 ss = ssl_FindSocket(fd);
39 if (!ss) { 39 if (!ss) {
40 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain", 40 SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
41 SSL_GETPID(), fd)); 41 SSL_GETPID(), fd));
42 » return SECFailure; 42 » return NULL;
43 } 43 }
44 if (!ss->opt.useSecurity) 44 if (!ss->opt.useSecurity || !ss->sec.peerCert) {
45 » return SECFailure; 45 » PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
wtc 2013/09/27 23:49:41 SSL_ERROR_NO_CERTIFICATE seems to be intended for
46 » return chain;
47 }
48 chain = CERT_NewCertList();
49 if (!chain) {
50 » PORT_SetError(SEC_ERROR_NO_MEMORY);
51 » return NULL;
52 }
53 if (CERT_AddCertToListTail(chain, ss->sec.peerCert) != SECSuccess) {
54 » goto loser;
55 }
56 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
57 » if (CERT_AddCertToListTail(chain, cur->cert) != SECSuccess) {
58 » goto loser;
59 » }
60 }
61 return chain;
46 62
47 if (ss->sec.peerCert == NULL) { 63 loser:
48 *numCerts = 0; 64 CERT_DestroyCertList(chain);
49 return SECSuccess; 65 PORT_SetError(SEC_ERROR_NO_MEMORY);
50 } 66 return NULL;
51
52 *numCerts = 1; /* for the leaf certificate */
53 if (maxNumCerts > 0)
54 » certs[0] = CERT_DupCertificate(ss->sec.peerCert);
55
56 for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
57 » if (*numCerts < maxNumCerts)
58 » certs[*numCerts] = CERT_DupCertificate(cur->cert);
59 » (*numCerts)++;
60 }
61
62 return SECSuccess;
63 } 67 }
64 68
65 /* NEED LOCKS IN HERE. */ 69 /* NEED LOCKS IN HERE. */
66 CERTCertificate * 70 CERTCertificate *
67 SSL_LocalCertificate(PRFileDesc *fd) 71 SSL_LocalCertificate(PRFileDesc *fd)
68 { 72 {
69 sslSocket *ss; 73 sslSocket *ss;
70 74
71 ss = ssl_FindSocket(fd); 75 ss = ssl_FindSocket(fd);
72 if (!ss) { 76 if (!ss) {
(...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after
323 hostname = ss->url; 327 hostname = ss->url;
324 if (hostname && hostname[0]) 328 if (hostname && hostname[0])
325 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); 329 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);
326 else 330 else
327 rv = SECFailure; 331 rv = SECFailure;
328 if (rv != SECSuccess) 332 if (rv != SECSuccess)
329 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); 333 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
330 334
331 return rv; 335 return rv;
332 } 336 }
OLDNEW
« net/third_party/nss/ssl/ssl.h ('K') | « net/third_party/nss/ssl/ssl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698