OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 467 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
478 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully | 478 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully |
479 // disable revocation checking. | 479 // disable revocation checking. |
480 if (flags & CertVerifier::VERIFY_EV_CERT) | 480 if (flags & CertVerifier::VERIFY_EV_CERT) |
481 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; | 481 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; |
482 | 482 |
483 int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set, | 483 int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set, |
484 additional_trust_anchors, verify_result); | 484 additional_trust_anchors, verify_result); |
485 | 485 |
486 ComputeSignatureHashAlgorithms(verify_result); | 486 ComputeSignatureHashAlgorithms(verify_result); |
487 | 487 |
488 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", | 488 bool allow_common_name_fallback = |
489 verify_result->common_name_fallback_used); | 489 !verify_result->is_issued_by_known_root && |
490 if (!verify_result->is_issued_by_known_root) { | 490 (flags & CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS); |
491 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", | 491 if (!cert->VerifyNameMatch(hostname, allow_common_name_fallback)) { |
492 verify_result->common_name_fallback_used); | 492 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
493 } | 493 } |
Ryan Sleevi
2017/02/28 02:16:58
Similarly, I'll be updating tests in CertVerifyPro
| |
494 | 494 |
495 CheckOCSP(ocsp_response, *verify_result->verified_cert, | 495 CheckOCSP(ocsp_response, *verify_result->verified_cert, |
496 &verify_result->ocsp_result); | 496 &verify_result->ocsp_result); |
497 | 497 |
498 // This check is done after VerifyInternal so that VerifyInternal can fill | 498 // This check is done after VerifyInternal so that VerifyInternal can fill |
499 // in the list of public key hashes. | 499 // in the list of public key hashes. |
500 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 500 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
501 verify_result->cert_status |= CERT_STATUS_REVOKED; | 501 verify_result->cert_status |= CERT_STATUS_REVOKED; |
502 rv = MapCertStatusToNetError(verify_result->cert_status); | 502 rv = MapCertStatusToNetError(verify_result->cert_status); |
503 } | 503 } |
(...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
833 return true; | 833 return true; |
834 | 834 |
835 return false; | 835 return false; |
836 } | 836 } |
837 | 837 |
838 // static | 838 // static |
839 const base::Feature CertVerifyProc::kSHA1LegacyMode{ | 839 const base::Feature CertVerifyProc::kSHA1LegacyMode{ |
840 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; | 840 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; |
841 | 841 |
842 } // namespace net | 842 } // namespace net |
OLD | NEW |