net/cert/cert_verify_proc_mac.cc - Issue 27624002: Add a histogram for measuring the number of times we fall back to common name matching, when a cert…

Side by Side Diff: net/cert/cert_verify_proc_mac.cc

Issue 27624002: Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Review feedback Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_mac.h"	5 #include "net/cert/cert_verify_proc_mac.h"

6	6

7 #include <CommonCrypto/CommonDigest.h>	7 #include <CommonCrypto/CommonDigest.h>

8 #include <CoreServices/CoreServices.h>	8 #include <CoreServices/CoreServices.h>

9 #include <Security/Security.h>	9 #include <Security/Security.h>

10	10

(...skipping 638 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
649 if (!IsCertStatusError(verify_result->cert_status)) {	649 if (!IsCertStatusError(verify_result->cert_status)) {

650 LOG(WARNING) << "trust_result=" << trust_result;	650 LOG(WARNING) << "trust_result=" << trust_result;

651 verify_result->cert_status \|= CERT_STATUS_INVALID;	651 verify_result->cert_status \|= CERT_STATUS_INVALID;

652 }	652 }

653 break;	653 break;

654 }	654 }

655	655

656 // Perform hostname verification independent of SecTrustEvaluate. In order to	656 // Perform hostname verification independent of SecTrustEvaluate. In order to

657 // do so, mask off any reported name errors first.	657 // do so, mask off any reported name errors first.

658 verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID;	658 verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID;

659 if (!cert->VerifyNameMatch(hostname))	659 if (!cert->VerifyNameMatch(hostname,

	660 &verify_result->common_name_fallback_used)) {

660 verify_result->cert_status \|= CERT_STATUS_COMMON_NAME_INVALID;	661 verify_result->cert_status \|= CERT_STATUS_COMMON_NAME_INVALID;

	662 }

661	663

662 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be	664 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be

663 // compatible with Windows, which in turn implements this behavior to be	665 // compatible with Windows, which in turn implements this behavior to be

664 // compatible with WinHTTP, which doesn't report this error (bug 3004).	666 // compatible with WinHTTP, which doesn't report this error (bug 3004).

665 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;	667 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;

666	668

667 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes);	669 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes);

668 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain);	670 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain);

669	671

670 if (IsCertStatusError(verify_result->cert_status))	672 if (IsCertStatusError(verify_result->cert_status))

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
705 }	707 }

706 }	708 }

707 }	709 }

708 }	710 }

709 }	711 }

710	712

711 return OK;	713 return OK;

712 }	714 }

713	715

714 } // namespace net	716 } // namespace net

OLD	NEW

« no previous file with comments | « net/cert/cert_verify_proc_android.cc ('k') | net/cert/cert_verify_proc_nss.cc » ('j') | no next file with comments »