OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 467 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
478 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully | 478 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully |
479 // disable revocation checking. | 479 // disable revocation checking. |
480 if (flags & CertVerifier::VERIFY_EV_CERT) | 480 if (flags & CertVerifier::VERIFY_EV_CERT) |
481 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; | 481 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; |
482 | 482 |
483 int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set, | 483 int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set, |
484 additional_trust_anchors, verify_result); | 484 additional_trust_anchors, verify_result); |
485 | 485 |
486 ComputeSignatureHashAlgorithms(verify_result); | 486 ComputeSignatureHashAlgorithms(verify_result); |
487 | 487 |
488 if (!cert->VerifyNameMatch(hostname, | 488 bool allow_common_name_fallback = |
489 &verify_result->common_name_fallback_used)) { | 489 !verify_result->is_issued_by_known_root && |
| 490 (flags & CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS); |
| 491 if (!cert->VerifyNameMatch(hostname, allow_common_name_fallback)) { |
490 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 492 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
491 rv = MapCertStatusToNetError(verify_result->cert_status); | 493 rv = MapCertStatusToNetError(verify_result->cert_status); |
492 } | 494 } |
493 | 495 |
494 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", | |
495 verify_result->common_name_fallback_used); | |
496 if (!verify_result->is_issued_by_known_root) { | |
497 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", | |
498 verify_result->common_name_fallback_used); | |
499 } | |
500 | |
501 CheckOCSP(ocsp_response, *verify_result->verified_cert, | 496 CheckOCSP(ocsp_response, *verify_result->verified_cert, |
502 &verify_result->ocsp_result); | 497 &verify_result->ocsp_result); |
503 | 498 |
504 // This check is done after VerifyInternal so that VerifyInternal can fill | 499 // This check is done after VerifyInternal so that VerifyInternal can fill |
505 // in the list of public key hashes. | 500 // in the list of public key hashes. |
506 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 501 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
507 verify_result->cert_status |= CERT_STATUS_REVOKED; | 502 verify_result->cert_status |= CERT_STATUS_REVOKED; |
508 rv = MapCertStatusToNetError(verify_result->cert_status); | 503 rv = MapCertStatusToNetError(verify_result->cert_status); |
509 } | 504 } |
510 | 505 |
(...skipping 328 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
839 return true; | 834 return true; |
840 | 835 |
841 return false; | 836 return false; |
842 } | 837 } |
843 | 838 |
844 // static | 839 // static |
845 const base::Feature CertVerifyProc::kSHA1LegacyMode{ | 840 const base::Feature CertVerifyProc::kSHA1LegacyMode{ |
846 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; | 841 "SHA1LegacyMode", base::FEATURE_DISABLED_BY_DEFAULT}; |
847 | 842 |
848 } // namespace net | 843 } // namespace net |
OLD | NEW |