OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_win.h" | 5 #include "net/cert/cert_verify_proc_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
757 verify_result->cert_status |= MapNetErrorToCertStatus( | 757 verify_result->cert_status |= MapNetErrorToCertStatus( |
758 MapSecurityError(policy_status.dwError)); | 758 MapSecurityError(policy_status.dwError)); |
759 } | 759 } |
760 | 760 |
761 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be | 761 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be |
762 // compatible with WinHTTP, which doesn't report this error (bug 3004). | 762 // compatible with WinHTTP, which doesn't report this error (bug 3004). |
763 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; | 763 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; |
764 | 764 |
765 // Perform hostname verification independent of | 765 // Perform hostname verification independent of |
766 // CertVerifyCertificateChainPolicy. | 766 // CertVerifyCertificateChainPolicy. |
767 if (!cert->VerifyNameMatch(hostname)) | 767 if (!cert->VerifyNameMatch(hostname, |
| 768 &verify_result->common_name_fallback_used)) { |
768 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 769 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 770 } |
769 | 771 |
770 if (!rev_checking_enabled) { | 772 if (!rev_checking_enabled) { |
771 // If we didn't do online revocation checking then Windows will report | 773 // If we didn't do online revocation checking then Windows will report |
772 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL | 774 // CERT_UNABLE_TO_CHECK_REVOCATION unless it had cached OCSP or CRL |
773 // information for every certificate. We only want to put up revoked | 775 // information for every certificate. We only want to put up revoked |
774 // statuses from the offline checks so we squash this error. | 776 // statuses from the offline checks so we squash this error. |
775 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 777 verify_result->cert_status &= ~CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
776 } | 778 } |
777 | 779 |
778 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); | 780 AppendPublicKeyHashes(chain_context, &verify_result->public_key_hashes); |
779 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); | 781 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(chain_context); |
780 | 782 |
781 if (IsCertStatusError(verify_result->cert_status)) | 783 if (IsCertStatusError(verify_result->cert_status)) |
782 return MapCertStatusToNetError(verify_result->cert_status); | 784 return MapCertStatusToNetError(verify_result->cert_status); |
783 | 785 |
784 if (ev_policy_oid && | 786 if (ev_policy_oid && |
785 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { | 787 CheckEV(chain_context, rev_checking_enabled, ev_policy_oid)) { |
786 verify_result->cert_status |= CERT_STATUS_IS_EV; | 788 verify_result->cert_status |= CERT_STATUS_IS_EV; |
787 } | 789 } |
788 return OK; | 790 return OK; |
789 } | 791 } |
790 | 792 |
791 } // namespace net | 793 } // namespace net |
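Review bot: The call at new lines 767-768 passes `&verify_result->common_name_fallback_used` to `VerifyNameMatch`, but nothing visible here says what the flag holds when the match fails and `CERT_STATUS_COMMON_NAME_INVALID` is set, or whether the field is reset before the call. The function can return an error shortly afterwards through `MapCertStatusToNetError`, so callers may read the flag on the failure path. I would extend the comment above the call, for example `// Also records whether the match relied on the subject Common Name instead of a subjectAltName; only meaningful when the name matched.` That wording is inferred from the field name and should be confirmed against the contract of `VerifyNameMatch`. The enclosing function begins in the skipped lines, so the field may already be initialised there.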