Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_builtin.cc

Issue 2832703002: Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
Patch Set: mac fix Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/cert_issuer_source_nss.h » ('j') | net/cert/internal/trust_store.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_builtin.h" 5 #include "net/cert/cert_verify_proc_builtin.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after
229 verify_result->cert_status |= CERT_STATUS_DATE_INVALID; 229 verify_result->cert_status |= CERT_STATUS_DATE_INVALID;
230 return; 230 return;
231 } 231 }
232 232
233 // Initialize the path builder. 233 // Initialize the path builder.
234 CertPathBuilder::Result result; 234 CertPathBuilder::Result result;
235 CertPathBuilder path_builder(target, ssl_trust_store->GetTrustStore(), 235 CertPathBuilder path_builder(target, ssl_trust_store->GetTrustStore(),
236 &signature_policy, verification_time, 236 &signature_policy, verification_time,
237 KeyPurpose::SERVER_AUTH, &result); 237 KeyPurpose::SERVER_AUTH, &result);
238 238
239 // Allow the path builder to discover intermediates from the trust store.
240 if (ssl_trust_store->GetCertIssuerSource())
241 path_builder.AddCertIssuerSource(ssl_trust_store->GetCertIssuerSource());
242
243 // Allow the path builder to discover the explicitly provided intermediates in 239 // Allow the path builder to discover the explicitly provided intermediates in
244 // |input_cert|. 240 // |input_cert|.
245 CertIssuerSourceStatic intermediates; 241 CertIssuerSourceStatic intermediates;
246 AddIntermediatesToIssuerSource(input_cert, &intermediates); 242 AddIntermediatesToIssuerSource(input_cert, &intermediates);
247 path_builder.AddCertIssuerSource(&intermediates); 243 path_builder.AddCertIssuerSource(&intermediates);
248 244
249 // TODO(crbug.com/649017): Allow the path builder to discover intermediates 245 // TODO(crbug.com/649017): Allow the path builder to discover intermediates
250 // through AIA fetching. 246 // through AIA fetching.
251 247
252 path_builder.Run(); 248 path_builder.Run();
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
311 : OK; 307 : OK;
312 } 308 }
313 309
314 } // namespace 310 } // namespace
315 311
316 scoped_refptr<CertVerifyProc> CreateCertVerifyProcBuiltin() { 312 scoped_refptr<CertVerifyProc> CreateCertVerifyProcBuiltin() {
317 return scoped_refptr<CertVerifyProc>(new CertVerifyProcBuiltin()); 313 return scoped_refptr<CertVerifyProc>(new CertVerifyProcBuiltin());
318 } 314 }
319 315
320 } // namespace net 316 } // namespace net
OLDNEW
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/cert_issuer_source_nss.h » ('j') | net/cert/internal/trust_store.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698