Chromium Code Reviews Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc_nss.h" | 5 #include "net/cert/cert_verify_proc_nss.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include <cert.h> | 10 #include <cert.h> |
| (...skipping 745 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 756 CertVerifyResult* verify_result) { | 756 CertVerifyResult* verify_result) { |
| 757 #if defined(OS_IOS) | 757 #if defined(OS_IOS) |
| 758 // For iOS, the entire chain must be loaded into NSS's in-memory certificate | 758 // For iOS, the entire chain must be loaded into NSS's in-memory certificate |
| 759 // store. | 759 // store. |
| 760 x509_util_ios::NSSCertChain scoped_chain(cert); | 760 x509_util_ios::NSSCertChain scoped_chain(cert); |
| 761 CERTCertificate* cert_handle = scoped_chain.cert_handle(); | 761 CERTCertificate* cert_handle = scoped_chain.cert_handle(); |
| 762 #else | 762 #else |
| 763 CERTCertificate* cert_handle = cert->os_cert_handle(); | 763 CERTCertificate* cert_handle = cert->os_cert_handle(); |
| 764 #endif // defined(OS_IOS) | 764 #endif // defined(OS_IOS) |
| 765 | 765 |
| 766 // Make sure that the hostname matches with the common name of the cert. | 766 // Make sure that the hostname matches with the common name of the cert. |
|
wtc
2013/10/23 22:39:26
This comment should be updated or removed.
| |
| 767 if (!cert->VerifyNameMatch(hostname)) | 767 if (!cert->VerifyNameMatch(hostname, |
| 768 &verify_result->common_name_fallback_used)) { | |
| 768 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 769 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
| 770 } | |
| 769 | 771 |
| 770 // Make sure that the cert is valid now. | 772 // Make sure that the cert is valid now. |
| 771 SECCertTimeValidity validity = CERT_CheckCertValidTimes( | 773 SECCertTimeValidity validity = CERT_CheckCertValidTimes( |
| 772 cert_handle, PR_Now(), PR_TRUE); | 774 cert_handle, PR_Now(), PR_TRUE); |
| 773 if (validity != secCertTimeValid) | 775 if (validity != secCertTimeValid) |
| 774 verify_result->cert_status |= CERT_STATUS_DATE_INVALID; | 776 verify_result->cert_status |= CERT_STATUS_DATE_INVALID; |
| 775 | 777 |
| 776 CERTValOutParam cvout[3]; | 778 CERTValOutParam cvout[3]; |
| 777 int cvout_index = 0; | 779 int cvout_index = 0; |
| 778 cvout[cvout_index].type = cert_po_certList; | 780 cvout[cvout_index].type = cert_po_certList; |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 882 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, | 884 if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, |
| 883 ev_policy_oid, trust_anchors.get())) { | 885 ev_policy_oid, trust_anchors.get())) { |
| 884 verify_result->cert_status |= CERT_STATUS_IS_EV; | 886 verify_result->cert_status |= CERT_STATUS_IS_EV; |
| 885 } | 887 } |
| 886 } | 888 } |
| 887 | 889 |
| 888 return OK; | 890 return OK; |
| 889 } | 891 } |
| 890 | 892 |
| 891 } // namespace net | 893 } // namespace net |
| OLD | NEW |
