Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_openssl.cc

Issue 2725683002: Move name matching into the shared certificate validator (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_openssl.h" 5 #include "net/cert/cert_verify_proc_openssl.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 int CertVerifyProcOpenSSL::VerifyInternal( 174 int CertVerifyProcOpenSSL::VerifyInternal(
175 X509Certificate* cert, 175 X509Certificate* cert,
176 const std::string& hostname, 176 const std::string& hostname,
177 const std::string& ocsp_response, 177 const std::string& ocsp_response,
178 int flags, 178 int flags,
179 CRLSet* crl_set, 179 CRLSet* crl_set,
180 const CertificateList& additional_trust_anchors, 180 const CertificateList& additional_trust_anchors,
181 CertVerifyResult* verify_result) { 181 CertVerifyResult* verify_result) {
182 crypto::EnsureOpenSSLInit(); 182 crypto::EnsureOpenSSLInit();
183 183
184 if (!cert->VerifyNameMatch(hostname,
185 &verify_result->common_name_fallback_used)) {
186 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
187 }
188
189 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new()); 184 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
190 185
191 std::unique_ptr<STACK_OF(X509), ShallowX509StackDeleter> intermediates( 186 std::unique_ptr<STACK_OF(X509), ShallowX509StackDeleter> intermediates(
192 sk_X509_new_null()); 187 sk_X509_new_null());
193 if (!intermediates.get()) 188 if (!intermediates.get())
194 return ERR_OUT_OF_MEMORY; 189 return ERR_OUT_OF_MEMORY;
195 190
196 const X509Certificate::OSCertHandles& os_intermediates = 191 const X509Certificate::OSCertHandles& os_intermediates =
197 cert->GetIntermediateCertificates(); 192 cert->GetIntermediateCertificates();
198 for (X509Certificate::OSCertHandles::const_iterator it = 193 for (X509Certificate::OSCertHandles::const_iterator it =
(...skipping 20 matching lines...) Expand all
219 214
220 GetCertChainInfo(ctx.get(), verify_result); 215 GetCertChainInfo(ctx.get(), verify_result);
221 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); 216 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);
222 if (IsCertStatusError(verify_result->cert_status)) 217 if (IsCertStatusError(verify_result->cert_status))
223 return MapCertStatusToNetError(verify_result->cert_status); 218 return MapCertStatusToNetError(verify_result->cert_status);
224 219
225 return OK; 220 return OK;
226 } 221 }
227 222
228 } // namespace net 223 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698