| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_win.h" | 5 #include "net/cert/cert_verify_proc_win.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 1175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1186 | 1186 |
| 1187 if (policy_status.dwError) { | 1187 if (policy_status.dwError) { |
| 1188 verify_result->cert_status |= MapNetErrorToCertStatus( | 1188 verify_result->cert_status |= MapNetErrorToCertStatus( |
| 1189 MapSecurityError(policy_status.dwError)); | 1189 MapSecurityError(policy_status.dwError)); |
| 1190 } | 1190 } |
| 1191 | 1191 |
| 1192 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be | 1192 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be |
| 1193 // compatible with WinHTTP, which doesn't report this error (bug 3004). | 1193 // compatible with WinHTTP, which doesn't report this error (bug 3004). |
| 1194 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; | 1194 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; |
| 1195 | 1195 |
| 1196 // Perform hostname verification independent of | |
| 1197 // CertVerifyCertificateChainPolicy. | |
| 1198 if (!cert->VerifyNameMatch(hostname, | |
| 1199 &verify_result->common_name_fallback_used)) { | |
| 1200 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | |
| 1201 } | |
| 1202 | |
| 1203 if (!rev_checking_enabled) { | 1196 if (!rev_checking_enabled) { |
| 1204 // If we didn't do online revocation checking then Windows will report | 1197 // If we didn't do online revocation checking then Windows will report |
| 1205 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL | 1198 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL |
| 1206 // information for every certificate. We only want to put up revoked | 1199 // information for every certificate. We only want to put up revoked |
| 1207 // statuses from the offline checks so we squash this error. | 1200 // statuses from the offline checks so we squash this error. |
| 1208 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 1201 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 1209 } | 1202 } |
| 1210 | 1203 |
| 1211 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); | 1204 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); |
| 1212 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); | 1205 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); |
| 1213 | 1206 |
| 1214 if (IsCertStatusError(verify_result->cert_status)) | 1207 if (IsCertStatusError(verify_result->cert_status)) |
| 1215 return MapCertStatusToNetError(verify_result->cert_status); | 1208 return MapCertStatusToNetError(verify_result->cert_status); |
| 1216 | 1209 |
| 1217 if (ev_policy_oid && | 1210 if (ev_policy_oid && |
| 1218 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 1211 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { |
| 1219 verify_result->cert_status |= CERT_STATUS_IS_EV; | 1212 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 1220 } | 1213 } |
| 1221 return OK; | 1214 return OK; |
| 1222 } | 1215 } |
| 1223 | 1216 |
| 1224 } // namespace net | 1217 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2725683002:
Move name matching into the shared certificate validator (Closed)
