OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <prerror.h> | 9 #include <prerror.h> |
10 #include <secerr.h> | 10 #include <secerr.h> |
(...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
791 // API. | 791 // API. |
792 SECItem ocsp_response_item; | 792 SECItem ocsp_response_item; |
793 ocsp_response_item.data = reinterpret_cast<unsigned char*>( | 793 ocsp_response_item.data = reinterpret_cast<unsigned char*>( |
794 const_cast<char*>(ocsp_response.data())); | 794 const_cast<char*>(ocsp_response.data())); |
795 ocsp_response_item.len = ocsp_response.size(); | 795 ocsp_response_item.len = ocsp_response.size(); |
796 cache_ocsp_response_from_side_channel_(CERT_GetDefaultCertDB(), cert_handle, | 796 cache_ocsp_response_from_side_channel_(CERT_GetDefaultCertDB(), cert_handle, |
797 PR_Now(), &ocsp_response_item, | 797 PR_Now(), &ocsp_response_item, |
798 nullptr); | 798 nullptr); |
799 } | 799 } |
800 | 800 |
801 if (!cert->VerifyNameMatch(hostname, | |
802 &verify_result->common_name_fallback_used)) { | |
803 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | |
804 } | |
805 | |
806 // Setup a callback to call into CheckChainRevocationWithCRLSet with the | 801 // Setup a callback to call into CheckChainRevocationWithCRLSet with the |
807 // current CRLSet. If the CRLSet revokes a given chain, |was_revoked| | 802 // current CRLSet. If the CRLSet revokes a given chain, |was_revoked| |
808 // will be set to true. | 803 // will be set to true. |
809 // The same callback and args are used for every invocation of | 804 // The same callback and args are used for every invocation of |
810 // PKIXVerifyCert, as CheckChainRevocationWithCRLSet handles resetting | 805 // PKIXVerifyCert, as CheckChainRevocationWithCRLSet handles resetting |
811 // |was_revoked| as necessary. | 806 // |was_revoked| as necessary. |
812 CheckChainRevocationArgs check_chain_revocation_args; | 807 CheckChainRevocationArgs check_chain_revocation_args; |
813 check_chain_revocation_args.crl_set = crl_set; | 808 check_chain_revocation_args.crl_set = crl_set; |
814 check_chain_revocation_args.next_callback = chain_verify_callback; | 809 check_chain_revocation_args.next_callback = chain_verify_callback; |
815 | 810 |
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
959 CRLSet* crl_set, | 954 CRLSet* crl_set, |
960 const CertificateList& additional_trust_anchors, | 955 const CertificateList& additional_trust_anchors, |
961 CertVerifyResult* verify_result) { | 956 CertVerifyResult* verify_result) { |
962 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, | 957 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, |
963 additional_trust_anchors, | 958 additional_trust_anchors, |
964 NULL, // chain_verify_callback | 959 NULL, // chain_verify_callback |
965 verify_result); | 960 verify_result); |
966 } | 961 } |
967 | 962 |
968 } // namespace net | 963 } // namespace net |
OLD | NEW |