OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_mac.h" | 5 #include "net/cert/cert_verify_proc_mac.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 | 10 |
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
190 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( | 190 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( |
191 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); | 191 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); |
192 if (i == 0) { | 192 if (i == 0) { |
193 verified_cert = chain_cert; | 193 verified_cert = chain_cert; |
194 } else { | 194 } else { |
195 verified_chain.push_back(chain_cert); | 195 verified_chain.push_back(chain_cert); |
196 } | 196 } |
197 } | 197 } |
198 if (!verified_cert) { | 198 if (!verified_cert) { |
199 NOTREACHED(); | 199 NOTREACHED(); |
200 verify_result->cert_status |= CERT_STATUS_INVALID; | |
eroman
2017/03/24 22:07:23
same comment as for ios
| |
200 return; | 201 return; |
201 } | 202 } |
202 | 203 |
203 verify_result->verified_cert = | 204 scoped_refptr<X509Certificate> verified_cert_with_chain = |
204 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 205 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
206 if (verified_cert_with_chain) | |
207 verify_result->verified_cert = std::move(verified_cert_with_chain); | |
208 else | |
209 verify_result->cert_status |= CERT_STATUS_INVALID; | |
205 } | 210 } |
206 | 211 |
207 // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false | 212 // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false |
208 // otherwise. A return of false also includes the case where the signature | 213 // otherwise. A return of false also includes the case where the signature |
209 // algorithm couldn't be conclusively labeled as weak. | 214 // algorithm couldn't be conclusively labeled as weak. |
210 bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) { | 215 bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) { |
211 x509_util::CSSMCachedCertificate cached_cert; | 216 x509_util::CSSMCachedCertificate cached_cert; |
212 OSStatus status = cached_cert.Init(cert_handle); | 217 OSStatus status = cached_cert.Init(cert_handle); |
213 if (status) | 218 if (status) |
214 return false; | 219 return false; |
(...skipping 881 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1096 // EV cert and it was covered by CRLSets or revocation checking passed. | 1101 // EV cert and it was covered by CRLSets or revocation checking passed. |
1097 verify_result->cert_status |= CERT_STATUS_IS_EV; | 1102 verify_result->cert_status |= CERT_STATUS_IS_EV; |
1098 } | 1103 } |
1099 | 1104 |
1100 return OK; | 1105 return OK; |
1101 } | 1106 } |
1102 | 1107 |
1103 } // namespace net | 1108 } // namespace net |
1104 | 1109 |
1105 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 1110 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
OLD | NEW |