| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 199 // We do online revocation checking for EV certificates that aren't covered | 199 // We do online revocation checking for EV certificates that aren't covered |
| 200 // by a fresh CRLSet. | 200 // by a fresh CRLSet. |
| 201 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully | 201 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully |
| 202 // disable revocation checking. | 202 // disable revocation checking. |
| 203 if (flags & CertVerifier::VERIFY_EV_CERT) | 203 if (flags & CertVerifier::VERIFY_EV_CERT) |
| 204 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; | 204 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; |
| 205 | 205 |
| 206 int rv = VerifyInternal(cert, hostname, flags, crl_set, | 206 int rv = VerifyInternal(cert, hostname, flags, crl_set, |
| 207 additional_trust_anchors, verify_result); | 207 additional_trust_anchors, verify_result); |
| 208 | 208 |
| 209 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", |
| 210 verify_result->common_name_fallback_used); |
| 211 if (!verify_result->is_issued_by_known_root) { |
| 212 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", |
| 213 verify_result->common_name_fallback_used); |
| 214 } |
| 215 |
| 209 // This check is done after VerifyInternal so that VerifyInternal can fill | 216 // This check is done after VerifyInternal so that VerifyInternal can fill |
| 210 // in the list of public key hashes. | 217 // in the list of public key hashes. |
| 211 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { | 218 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { |
| 212 verify_result->cert_status |= CERT_STATUS_REVOKED; | 219 verify_result->cert_status |= CERT_STATUS_REVOKED; |
| 213 rv = MapCertStatusToNetError(verify_result->cert_status); | 220 rv = MapCertStatusToNetError(verify_result->cert_status); |
| 214 } | 221 } |
| 215 | 222 |
| 216 // Check for weak keys in the entire verified chain. | 223 // Check for weak keys in the entire verified chain. |
| 217 bool weak_key = ExaminePublicKeys(verify_result->verified_cert, | 224 bool weak_key = ExaminePublicKeys(verify_result->verified_cert, |
| 218 verify_result->is_issued_by_known_root); | 225 verify_result->is_issued_by_known_root); |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 386 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) { | 393 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) { |
| 387 return true; | 394 return true; |
| 388 } | 395 } |
| 389 } | 396 } |
| 390 } | 397 } |
| 391 | 398 |
| 392 return false; | 399 return false; |
| 393 } | 400 } |
| 394 | 401 |
| 395 } // namespace net | 402 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src