| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
| 6 | 6 |
| 7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 | 165 |
| 166 int CertVerifyProcOpenSSL::VerifyInternal( | 166 int CertVerifyProcOpenSSL::VerifyInternal( |
| 167 X509Certificate* cert, | 167 X509Certificate* cert, |
| 168 const std::string& hostname, | 168 const std::string& hostname, |
| 169 int flags, | 169 int flags, |
| 170 CRLSet* crl_set, | 170 CRLSet* crl_set, |
| 171 const CertificateList& additional_trust_anchors, | 171 const CertificateList& additional_trust_anchors, |
| 172 CertVerifyResult* verify_result) { | 172 CertVerifyResult* verify_result) { |
| 173 crypto::EnsureOpenSSLInit(); | 173 crypto::EnsureOpenSSLInit(); |
| 174 | 174 |
| 175 if (!cert->VerifyNameMatch(hostname)) | 175 if (!cert->VerifyNameMatch(hostname, |
| 176 &verify_result->common_name_fallback_used)) { |
| 176 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 177 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 178 } |
| 177 | 179 |
| 178 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( | 180 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( |
| 179 X509_STORE_CTX_new()); | 181 X509_STORE_CTX_new()); |
| 180 | 182 |
| 181 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( | 183 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( |
| 182 sk_X509_new_null()); | 184 sk_X509_new_null()); |
| 183 if (!intermediates.get()) | 185 if (!intermediates.get()) |
| 184 return ERR_OUT_OF_MEMORY; | 186 return ERR_OUT_OF_MEMORY; |
| 185 | 187 |
| 186 const X509Certificate::OSCertHandles& os_intermediates = | 188 const X509Certificate::OSCertHandles& os_intermediates = |
| (...skipping 30 matching lines...) Expand all Loading... |
| 217 // TODO(joth): if the motivations described in | 219 // TODO(joth): if the motivations described in |
| 218 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an | 220 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an |
| 219 // issue on OpenSSL builds, we will need to embed a hardcoded list of well | 221 // issue on OpenSSL builds, we will need to embed a hardcoded list of well |
| 220 // known root CAs, as per the _mac and _win versions. | 222 // known root CAs, as per the _mac and _win versions. |
| 221 verify_result->is_issued_by_known_root = true; | 223 verify_result->is_issued_by_known_root = true; |
| 222 | 224 |
| 223 return OK; | 225 return OK; |
| 224 } | 226 } |
| 225 | 227 |
| 226 } // namespace net | 228 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src