| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <prerror.h> | 9 #include <prerror.h> |
| 10 #include <secerr.h> | 10 #include <secerr.h> |
| (...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 791 // API. | 791 // API. |
| 792 SECItem ocsp_response_item; | 792 SECItem ocsp_response_item; |
| 793 ocsp_response_item.data = reinterpret_cast<unsigned char*>( | 793 ocsp_response_item.data = reinterpret_cast<unsigned char*>( |
| 794 const_cast<char*>(ocsp_response.data())); | 794 const_cast<char*>(ocsp_response.data())); |
| 795 ocsp_response_item.len = ocsp_response.size(); | 795 ocsp_response_item.len = ocsp_response.size(); |
| 796 cache_ocsp_response_from_side_channel_(CERT_GetDefaultCertDB(), cert_handle, | 796 cache_ocsp_response_from_side_channel_(CERT_GetDefaultCertDB(), cert_handle, |
| 797 PR_Now(), &ocsp_response_item, | 797 PR_Now(), &ocsp_response_item, |
| 798 nullptr); | 798 nullptr); |
| 799 } | 799 } |
| 800 | 800 |
| 801 if (!cert->VerifyNameMatch(hostname, | |
| 802 &verify_result->common_name_fallback_used)) { | |
| 803 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | |
| 804 } | |
| 805 | |
| 806 // Setup a callback to call into CheckChainRevocationWithCRLSet with the | 801 // Setup a callback to call into CheckChainRevocationWithCRLSet with the |
| 807 // current CRLSet. If the CRLSet revokes a given chain, |was_revoked| | 802 // current CRLSet. If the CRLSet revokes a given chain, |was_revoked| |
| 808 // will be set to true. | 803 // will be set to true. |
| 809 // The same callback and args are used for every invocation of | 804 // The same callback and args are used for every invocation of |
| 810 // PKIXVerifyCert, as CheckChainRevocationWithCRLSet handles resetting | 805 // PKIXVerifyCert, as CheckChainRevocationWithCRLSet handles resetting |
| 811 // |was_revoked| as necessary. | 806 // |was_revoked| as necessary. |
| 812 CheckChainRevocationArgs check_chain_revocation_args; | 807 CheckChainRevocationArgs check_chain_revocation_args; |
| 813 check_chain_revocation_args.crl_set = crl_set; | 808 check_chain_revocation_args.crl_set = crl_set; |
| 814 check_chain_revocation_args.next_callback = chain_verify_callback; | 809 check_chain_revocation_args.next_callback = chain_verify_callback; |
| 815 | 810 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 959 CRLSet* crl_set, | 954 CRLSet* crl_set, |
| 960 const CertificateList& additional_trust_anchors, | 955 const CertificateList& additional_trust_anchors, |
| 961 CertVerifyResult* verify_result) { | 956 CertVerifyResult* verify_result) { |
| 962 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, | 957 return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, |
| 963 additional_trust_anchors, | 958 additional_trust_anchors, |
| 964 NULL, // chain_verify_callback | 959 NULL, // chain_verify_callback |
| 965 verify_result); | 960 verify_result); |
| 966 } | 961 } |
| 967 | 962 |
| 968 } // namespace net | 963 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2725683002:
Move name matching into the shared certificate validator (Closed)
