| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_android.h" | 5 #include "net/cert/cert_verify_proc_android.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 84 return false; | 84 return false; |
| 85 } | 85 } |
| 86 | 86 |
| 87 int CertVerifyProcAndroid::VerifyInternal( | 87 int CertVerifyProcAndroid::VerifyInternal( |
| 88 X509Certificate* cert, | 88 X509Certificate* cert, |
| 89 const std::string& hostname, | 89 const std::string& hostname, |
| 90 int flags, | 90 int flags, |
| 91 CRLSet* crl_set, | 91 CRLSet* crl_set, |
| 92 const CertificateList& additional_trust_anchors, | 92 const CertificateList& additional_trust_anchors, |
| 93 CertVerifyResult* verify_result) { | 93 CertVerifyResult* verify_result) { |
| 94 if (!cert->VerifyNameMatch(hostname)) | 94 if (!cert->VerifyNameMatch(hostname, |
| 95 &verify_result->common_name_fallback_used)) { |
| 95 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 96 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 97 } |
| 96 | 98 |
| 97 std::vector<std::string> cert_bytes; | 99 std::vector<std::string> cert_bytes; |
| 98 if (!GetChainDEREncodedBytes(cert, &cert_bytes)) | 100 if (!GetChainDEREncodedBytes(cert, &cert_bytes)) |
| 99 return ERR_CERT_INVALID; | 101 return ERR_CERT_INVALID; |
| 100 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) { | 102 if (!VerifyFromAndroidTrustManager(cert_bytes, verify_result)) { |
| 101 NOTREACHED(); | 103 NOTREACHED(); |
| 102 return ERR_FAILED; | 104 return ERR_FAILED; |
| 103 } | 105 } |
| 104 if (IsCertStatusError(verify_result->cert_status)) | 106 if (IsCertStatusError(verify_result->cert_status)) |
| 105 return MapCertStatusToNetError(verify_result->cert_status); | 107 return MapCertStatusToNetError(verify_result->cert_status); |
| 106 | 108 |
| 107 // TODO(ppi): Implement missing functionality: yielding the constructed trust | 109 // TODO(ppi): Implement missing functionality: yielding the constructed trust |
| 108 // chain, public key hashes of its certificates and |is_issued_by_known_root| | 110 // chain, public key hashes of its certificates and |is_issued_by_known_root| |
| 109 // flag. All of the above require specific support from the platform, missing | 111 // flag. All of the above require specific support from the platform, missing |
| 110 // in the Java APIs. See also: http://crbug.com/116838 | 112 // in the Java APIs. See also: http://crbug.com/116838 |
| 111 | 113 |
| 112 // Until the required support is available in the platform, we don't know if | 114 // Until the required support is available in the platform, we don't know if |
| 113 // the trust root at the end of the chain was standard or user-added, so we | 115 // the trust root at the end of the chain was standard or user-added, so we |
| 114 // mark all correctly verified certificates as issued by a known root. | 116 // mark all correctly verified certificates as issued by a known root. |
| 115 verify_result->is_issued_by_known_root = true; | 117 verify_result->is_issued_by_known_root = true; |
| 116 | 118 |
| 117 return OK; | 119 return OK; |
| 118 } | 120 } |
| 119 | 121 |
| 120 } // namespace net | 122 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src