OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_mac.h" | 5 #include "net/cert/cert_verify_proc_mac.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 | 10 |
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
649 if (!IsCertStatusError(verify_result->cert_status)) { | 649 if (!IsCertStatusError(verify_result->cert_status)) { |
650 LOG(WARNING) << "trust_result=" << trust_result; | 650 LOG(WARNING) << "trust_result=" << trust_result; |
651 verify_result->cert_status |= CERT_STATUS_INVALID; | 651 verify_result->cert_status |= CERT_STATUS_INVALID; |
652 } | 652 } |
653 break; | 653 break; |
654 } | 654 } |
655 | 655 |
656 // Perform hostname verification independent of SecTrustEvaluate. In order to | 656 // Perform hostname verification independent of SecTrustEvaluate. In order to |
657 // do so, mask off any reported name errors first. | 657 // do so, mask off any reported name errors first. |
658 verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID; | 658 verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID; |
659 if (!cert->VerifyNameMatch(hostname)) | 659 if (!cert->VerifyNameMatch(hostname, |
| 660 &verify_result->common_name_fallback_used)) { |
660 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 661 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 662 } |
661 | 663 |
662 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be | 664 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be |
663 // compatible with Windows, which in turn implements this behavior to be | 665 // compatible with Windows, which in turn implements this behavior to be |
664 // compatible with WinHTTP, which doesn't report this error (bug 3004). | 666 // compatible with WinHTTP, which doesn't report this error (bug 3004). |
665 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; | 667 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; |
666 | 668 |
667 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes); | 669 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes); |
668 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain); | 670 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain); |
669 | 671 |
670 if (IsCertStatusError(verify_result->cert_status)) | 672 if (IsCertStatusError(verify_result->cert_status)) |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
705 } | 707 } |
706 } | 708 } |
707 } | 709 } |
708 } | 710 } |
709 } | 711 } |
710 | 712 |
711 return OK; | 713 return OK; |
712 } | 714 } |
713 | 715 |
714 } // namespace net | 716 } // namespace net |
OLD | NEW |