Chromium Code Reviews Chromium Code Reviews
Issue 2587243002:
Do not do Expect-Staple when OCSPVerifyResult has not been populated (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 1301 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1312 break; | 1312 break; |
| 1313 } | 1313 } |
| 1314 if (result != ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN && ct_result != OK) | 1314 if (result != ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN && ct_result != OK) |
| 1315 result = ct_result; | 1315 result = ct_result; |
| 1316 } | 1316 } |
| 1317 | 1317 |
| 1318 if (result == OK) { | 1318 if (result == OK) { |
| 1319 DCHECK(!certificate_verified_); | 1319 DCHECK(!certificate_verified_); |
| 1320 certificate_verified_ = true; | 1320 certificate_verified_ = true; |
| 1321 MaybeCacheSession(); | 1321 MaybeCacheSession(); |
| 1322 SSLInfo ssl_info; | |
| 1323 bool ok = GetSSLInfo(&ssl_info); | |
| 1324 DCHECK(ok); | |
| 1325 transport_security_state_->CheckExpectStaple(host_and_port_, ssl_info, | |
| 1326 ocsp_response_); | |
| 1327 } | 1322 } |
| 1328 | 1323 |
| 1324 SSLInfo ssl_info; | |
|
Ryan Sleevi
2016/12/21 01:35:29
Might by worth including a comment here in the cod
estark
2016/12/21 17:53:12
Ack, no longer applicable (reverted this change)
| |
| 1325 bool ok = GetSSLInfo(&ssl_info); | |
| 1326 DCHECK(ok); | |
| 1327 transport_security_state_->CheckExpectStaple(host_and_port_, ssl_info, | |
| 1328 ocsp_response_); | |
| 1329 | |
| 1329 completed_connect_ = true; | 1330 completed_connect_ = true; |
| 1330 // Exit DoHandshakeLoop and return the result to the caller to Connect. | 1331 // Exit DoHandshakeLoop and return the result to the caller to Connect. |
| 1331 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1332 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| 1332 return result; | 1333 return result; |
| 1333 } | 1334 } |
| 1334 | 1335 |
| 1335 void SSLClientSocketImpl::DoConnectCallback(int rv) { | 1336 void SSLClientSocketImpl::DoConnectCallback(int rv) { |
| 1336 if (!user_connect_callback_.is_null()) { | 1337 if (!user_connect_callback_.is_null()) { |
| 1337 CompletionCallback c = user_connect_callback_; | 1338 CompletionCallback c = user_connect_callback_; |
| 1338 user_connect_callback_.Reset(); | 1339 user_connect_callback_.Reset(); |
| (...skipping 709 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2048 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2049 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 2049 !certificate_requested_) { | 2050 !certificate_requested_) { |
| 2050 net_error = ERR_SSL_PROTOCOL_ERROR; | 2051 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2051 } | 2052 } |
| 2052 } | 2053 } |
| 2053 | 2054 |
| 2054 return net_error; | 2055 return net_error; |
| 2055 } | 2056 } |
| 2056 | 2057 |
| 2057 } // namespace net | 2058 } // namespace net |
| OLD | NEW |
