Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(394)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_win.cc

Issue 27624002: Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/cert_verify_proc_openssl.cc ('k') | net/cert/cert_verify_result.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_win.h" 5 #include "net/cert/cert_verify_proc_win.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/memory/scoped_ptr.h" 10 #include "base/memory/scoped_ptr.h"
(...skipping 746 matching lines...) Expand 10 before | Expand all | Expand 10 after
757 verify_result->cert_status |= MapNetErrorToCertStatus( 757 verify_result->cert_status |= MapNetErrorToCertStatus(
758 MapSecurityError(policy_status.dwError)); 758 MapSecurityError(policy_status.dwError));
759 } 759 }
760 760
761 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be 761 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be
762 // compatible with WinHTTP, which doesn't report this error (bug 3004). 762 // compatible with WinHTTP, which doesn't report this error (bug 3004).
763 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; 763 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM;
764 764
765 // Perform hostname verification independent of 765 // Perform hostname verification independent of
766 // CertVerifyCertificateChainPolicy. 766 // CertVerifyCertificateChainPolicy.
767 if (!cert->VerifyNameMatch(hostname)) 767 if (!cert->VerifyNameMatch(hostname,
768 &verify_result->common_name_fallback_used)) {
768 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 769 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
770 }
769 771
770 if (!rev_checking_enabled) { 772 if (!rev_checking_enabled) {
771 // If we didn't do online revocation checking then Windows will report 773 // If we didn't do online revocation checking then Windows will report
772 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL 774 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL
773 // information for every certificate. We only want to put up revoked 775 // information for every certificate. We only want to put up revoked
774 // statuses from the offline checks so we squash this error. 776 // statuses from the offline checks so we squash this error.
775 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 777 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
776 } 778 }
777 779
778 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); 780 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes);
779 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); 781 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context);
780 782
781 if (IsCertStatusError(verify_result->cert_status)) 783 if (IsCertStatusError(verify_result->cert_status))
782 return MapCertStatusToNetError(verify_result->cert_status); 784 return MapCertStatusToNetError(verify_result->cert_status);
783 785
784 if (ev_policy_oid && 786 if (ev_policy_oid &&
785 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { 787 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) {
786 verify_result->cert_status |= CERT_STATUS_IS_EV; 788 verify_result->cert_status |= CERT_STATUS_IS_EV;
787 } 789 }
788 return OK; 790 return OK;
789 } 791 }
790 792
791 } // namespace net 793 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_openssl.cc ('k') | net/cert/cert_verify_result.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698