remoting/protocol/ssl_hmac_channel_authenticator.cc - Issue 2604513002: Optimize CT & OCSP handling code

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 2604513002: Optimize CT & OCSP handling code (Closed)

Patch Set: Actually optimize for OCSP Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: remoting/protocol/ssl_hmac_channel_authenticator.cc

diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc

index 1e3a0f787bbc919ae523610a3cda5e93f6b12c4d..642fae02ea7523687f34641bab41b95cd7c9c5f7 100644

--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc

+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc

@@ -24,7 +24,7 @@

#include "net/cert/cert_verify_result.h"

#include "net/cert/ct_policy_enforcer.h"

#include "net/cert/ct_policy_status.h"

-#include "net/cert/ct_verifier.h"

+#include "net/cert/do_nothing_ct_verifier.h"

#include "net/cert/signed_certificate_timestamp_and_status.h"

#include "net/cert/x509_certificate.h"

#include "net/http/transport_security_state.h"

@@ -67,23 +67,6 @@ class FailingCertVerifier : public net::CertVerifier {

}

};

-// A CTVerifier which ignores Certificate Transparency information.

-class IgnoresCTVerifier : public net::CTVerifier {

- public:

- IgnoresCTVerifier() = default;

- ~IgnoresCTVerifier() override = default;

- int Verify(net::X509Certificate* cert,

- const std::string& stapled_ocsp_response,

- const std::string& sct_list_from_tls_extension,

- net::SignedCertificateTimestampAndStatusList* output_scts,

- const net::NetLogWithSource& net_log) override {

- return net::OK;

- }

- void SetObserver(Observer* observer) override {}

-};

// A CTPolicyEnforcer that accepts all certificates.

class IgnoresCTPolicyEnforcer : public net::CTPolicyEnforcer {

public:

@@ -284,7 +267,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(

} else {

transport_security_state_.reset(new net::TransportSecurityState);

cert_verifier_.reset(new FailingCertVerifier);

- ct_verifier_.reset(new IgnoresCTVerifier);

+ ct_verifier_.reset(new net::DoNothingCTVerifier);

ct_policy_enforcer_.reset(new IgnoresCTPolicyEnforcer);

net::SSLConfig ssl_config;

« net/spdy/spdy_test_util_common.cc ('K') | « net/url_request/url_request_unittest.cc ('k') | no next file » | no next file with comments »