Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(229)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2511583002: Defang the CT Timebomb (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/chromium/crypto/proof_verifier_chromium.cc ('k') | net/spdy/spdy_session.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_impl.h" 5 #include "net/socket/ssl_client_socket_impl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <openssl/bio.h> 8 #include <openssl/bio.h>
9 #include <openssl/bytestring.h> 9 #include <openssl/bytestring.h>
10 #include <openssl/err.h> 10 #include <openssl/err.h>
(...skipping 1783 matching lines...) Expand 10 before | Expand all | Expand 10 after
1794 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; 1794 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
1795 } 1795 }
1796 } 1796 }
1797 ct_verify_result_.cert_policy_compliance = 1797 ct_verify_result_.cert_policy_compliance =
1798 policy_enforcer_->DoesConformToCertPolicy( 1798 policy_enforcer_->DoesConformToCertPolicy(
1799 server_cert_verify_result_.verified_cert.get(), verified_scts, 1799 server_cert_verify_result_.verified_cert.get(), verified_scts,
1800 net_log_); 1800 net_log_);
1801 1801
1802 if (ct_verify_result_.cert_policy_compliance != 1802 if (ct_verify_result_.cert_policy_compliance !=
1803 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && 1803 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS &&
1804 ct_verify_result_.cert_policy_compliance !=
1805 ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY &&
1804 transport_security_state_->ShouldRequireCT( 1806 transport_security_state_->ShouldRequireCT(
1805 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), 1807 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(),
1806 server_cert_verify_result_.public_key_hashes)) { 1808 server_cert_verify_result_.public_key_hashes)) {
1807 server_cert_verify_result_.cert_status |= 1809 server_cert_verify_result_.cert_status |=
1808 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; 1810 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED;
1809 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; 1811 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED;
1810 } 1812 }
1811 1813
1812 return OK; 1814 return OK;
1813 } 1815 }
(...skipping 476 matching lines...) Expand 10 before | Expand all | Expand 10 after
2290 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && 2292 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
2291 !certificate_requested_) { 2293 !certificate_requested_) {
2292 net_error = ERR_SSL_PROTOCOL_ERROR; 2294 net_error = ERR_SSL_PROTOCOL_ERROR;
2293 } 2295 }
2294 } 2296 }
2295 2297
2296 return net_error; 2298 return net_error;
2297 } 2299 }
2298 2300
2299 } // namespace net 2301 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/chromium/crypto/proof_verifier_chromium.cc ('k') | net/spdy/spdy_session.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698